CVE List - 2021 / October
Showing 1401 - 1500 of 1706 CVEs for October 2021 (Page 15 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24515 | 2021-10-25 | Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24543 | 2021-10-25 | jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24544 | 2021-10-25 | Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-0936 | 2021-10-25 | In acc_read of f_accessory.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-24608 | 2021-10-25 | Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24653 | 2021-10-25 | Cookie Bar < 1.8.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24662 | 2021-10-25 | Game Server Status <= 1.0 - Admin+ SQL Injection |
| CVE-2021-24699 | 2021-10-25 | Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-0939 | 2021-10-25 | In set_default_passthru_cfg of passthru.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.... |
| CVE-2021-24744 | 2021-10-25 | WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24769 | 2021-10-25 | Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection |
| CVE-2021-24774 | 2021-10-25 | Check & Log Email < 1.0.3 - Admin+ SQL Injections |
| CVE-2021-24779 | 2021-10-25 | WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update |
| CVE-2021-24785 | 2021-10-25 | Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24884 | 2021-10-25 | Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24885 | 2021-10-25 | YOP Poll < 6.1.2 - Reflected Cross-Site Scripting |
| CVE-2017-20007 | 2021-10-25 | Information Exposure in INGEPAC DA AU |
| CVE-2020-20908 | 2021-10-25 | Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name... |
| CVE-2021-41035 | 2021-10-25 | In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods. |
| CVE-2021-21319 | 2021-10-25 | Several stored XSS |
| CVE-2021-37624 | 2021-10-25 | FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing |
| CVE-2021-41176 | 2021-10-25 | logout CSRF in Pterodactyl Panel |
| CVE-2021-34854 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-34855 | 2021-10-25 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the... |
| CVE-2021-34856 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-34857 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target... |
| CVE-2021-34859 | 2021-10-25 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer 15.16.8.0. User interaction is required to exploit this vulnerability in that the target must visit a... |
| CVE-2021-34860 | 2021-10-25 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-34861 | 2021-10-25 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-34862 | 2021-10-25 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-34863 | 2021-10-25 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2020 1.01rc001 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-34864 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target... |
| CVE-2021-39220 | 2021-10-25 | Bypass of image blocking in Nextcloud Mail |
| CVE-2021-39221 | 2021-10-25 | XSS in Contacts |
| CVE-2021-38258 | 2021-10-25 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostProcessCallback(). |
| CVE-2021-38260 | 2021-10-25 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer overflow in the function USB_HostParseDeviceConfigurationDescriptor(). |
| CVE-2021-39223 | 2021-10-25 | File path disclosure of shared files in Richdocuments application |
| CVE-2021-39225 | 2021-10-25 | Missing permission check on Deck API |
| CVE-2021-39224 | 2021-10-25 | File path disclosure of shared files in OfficeOnline application |
| CVE-2021-41177 | 2021-10-25 | Rate-limits not working on instances without configured memory cache backend |
| CVE-2021-41178 | 2021-10-25 | File Traversal affecting SVG files on Nextcloud Server |
| CVE-2021-41179 | 2021-10-25 | Two-Factor Authentication not enforced for pages marked as public |
| CVE-2021-41145 | 2021-10-25 | FreeSWITCH susceptible to Denial of Service via SIP flooding |
| CVE-2021-41105 | 2021-10-25 | FreeSWITCH susceptible to Denial of Service via invalid SRTP packets |
| CVE-2021-40345 | 2021-10-26 | An issue was discovered in Nagios XI 5.8.5. In the Manage Dashlets section of the Admin panel, an administrator can upload ZIP files. A command injection (within the name of... |
| CVE-2021-41182 | 2021-10-26 | XSS in the `altField` option of the Datepicker widget |
| CVE-2021-41183 | 2021-10-26 | XSS in `*Text` options of the Datepicker widget |
| CVE-2021-41184 | 2021-10-26 | XSS in the `of` option of the `.position()` util |
| CVE-2021-41304 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message.... |
| CVE-2021-41305 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view the names of private projects and filters via an Insecure Direct Object References (IDOR) vulnerability... |
| CVE-2021-41306 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view private project and filter names via an Insecure Direct Object References (IDOR) vulnerability in the... |
| CVE-2021-41307 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to view the names of private projects and private filters via an Insecure Direct Object References (IDOR)... |
| CVE-2021-41308 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken Access Control vulnerability in the `ReplicationSettings!default.jspa`... |
| CVE-2021-20837 | 2021-10-26 | Movable Type 7 r.5002 and earlier (Movable Type 7 Series), Movable Type 6.8.2 and earlier (Movable Type 6 Series), Movable Type Advanced 7 r.5002 and earlier (Movable Type Advanced 7... |
| CVE-2021-34583 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS) |
| CVE-2021-34584 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS) |
| CVE-2021-34585 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS) |
| CVE-2021-34586 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS) |
| CVE-2021-34593 | 2021-10-26 | CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service |
| CVE-2021-34595 | 2021-10-26 | CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service |
| CVE-2021-34596 | 2021-10-26 | CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service |
| CVE-2020-5669 | 2021-10-26 | Cross-site scripting vulnerability in Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script... |
| CVE-2021-42343 | 2021-10-26 | An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure... |
| CVE-2021-40343 | 2021-10-26 | An issue was discovered in Nagios XI 5.8.5. Insecure file permissions on the nagios_unbundler.py file allow the nagios user to elevate their privileges to the root user. |
| CVE-2021-40344 | 2021-10-26 | An issue was discovered in Nagios XI 5.8.5. In the Custom Includes section of the Admin panel, an administrator can upload files with arbitrary extensions as long as the MIME... |
| CVE-2021-41873 | 2021-10-26 | Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and Skyworth Digital. An unauthorized access vulnerability exists in the Penguin Aurora Box. An... |
| CVE-2021-26607 | 2021-10-26 | TOBESOFT NEXACRO17 arbitrary command execution vulnerability |
| CVE-2021-41078 | 2021-10-26 | Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file. |
| CVE-2021-26609 | 2021-10-26 | WordPress Mangboard SQL-Injection vulnerability |
| CVE-2011-2195 | 2021-10-26 | A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well formed... |
| CVE-2011-4119 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| CVE-2021-37371 | 2021-10-26 | Online Student Admission System 1.0 is affected by an unauthenticated SQL injection bypass vulnerability in /admin/login.php. |
| CVE-2021-37372 | 2021-10-26 | Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote... |
| CVE-2021-37363 | 2021-10-26 | An Insecure Permissions issue exists in Gestionale Open 11.00.00. A low privilege account is able to rename the mysqld.exe file located in the bin folder and replace it with a malicious file... |
| CVE-2021-37364 | 2021-10-26 | OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default the Authenticated Users group has the modify permission to openclinic folders/files. A low privilege account is able to rename mysqld.exe... |
| CVE-2021-41157 | 2021-10-26 | FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default |
| CVE-2021-41158 | 2021-10-26 | FreeSWITCH vulnerable to SIP digest leak for configured gateways |
| CVE-2021-41172 | 2021-10-26 | Self-XSS in AS_Redis |
| CVE-2021-41173 | 2021-10-26 | DoS via maliciously crafted p2p message |
| CVE-2021-41175 | 2021-10-26 | Stored XSS in Client Groups Management (Authenticated) |
| CVE-2021-41185 | 2021-10-26 | Download file outside intended directory |
| CVE-2021-41188 | 2021-10-26 | Authenticated Stored XSS in Administration |
| CVE-2021-35499 | 2021-10-26 | TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities |
| CVE-2019-3556 | 2021-10-26 | HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the... |
| CVE-2020-22864 | 2021-10-26 | A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2021-41866 | 2021-10-26 | MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. |
| CVE-2021-23877 | 2021-10-26 | McAfee Total Protection (MTP) - Privilege Escalation vulnerability |
| CVE-2021-37131 | 2021-10-27 | There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV... |
| CVE-2021-37124 | 2021-10-27 | There is a path traversal vulnerability in Huawei PC product. Because the product does not filter paths with special characters, attackers can construct a file path with special characters to exploit... |
| CVE-2021-37127 | 2021-10-27 | There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this vulnerability can cause... |
| CVE-2021-37130 | 2021-10-27 | There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability is due to the software using external input to construct a pathname that is intended to identify a... |
| CVE-2021-37122 | 2021-10-27 | There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service to behave abnormally. Affected product versions include: CloudEngine... |
| CVE-2021-37129 | 2021-10-27 | There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify an input parameter. Successful... |
| CVE-2020-7867 | 2021-10-27 | Helpu arbitrary file creation vulnerability |
| CVE-2021-26610 | 2021-10-27 | godomall5 remote code execution vulnerability |
| CVE-2021-38450 | 2021-10-27 | Trane Tracer Code Injection |
| CVE-2011-4124 | 2021-10-27 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. |
| CVE-2011-4125 | 2021-10-27 | An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. |
| CVE-2011-4126 | 2021-10-27 | Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. |
| CVE-2021-35233 | 2021-10-27 | HTTP TRACK & TRACE Methods Enabled |
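The last row names a server misconfiguration rather than a code defect: the HTTP TRACE method (and its TRACK alias) echoes the request back to the client, which is what makes an enabled TRACE useful to an attacker for reflecting cookies and headers. The Python probe below is an added example, not code from this listing or from the affected product: it sends both methods and reports whether the server honours them by echoing a marker header. The two local handlers (one that echoes, one hardened to answer 405) are constructed fixtures so the script runs offline; the marker header name and token are arbitrary choices.

```python
"""Probe an HTTP endpoint for enabled TRACE/TRACK methods (added example)."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_METHODS = ("TRACE", "TRACK")
MARKER_HEADER = "X-Probe-Marker"   # arbitrary header name used to detect echo
MARKER_TOKEN = "probe-7f3a"        # arbitrary token; any unique string works


def method_enabled(host, port, method, path="/", timeout=5.0):
    """Return True if the server honours `method` by echoing the request.

    A TRACE-style response reflects the request headers in the body, so the
    check looks for our marker in the body or for a 200 with the
    message/http content type. Refusals (405/501/403/404) count as disabled.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, path, headers={MARKER_HEADER: MARKER_TOKEN})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
    finally:
        conn.close()
    if resp.status in (403, 404, 405, 501):
        return False
    ctype = resp.getheader("Content-Type", "") or ""
    return resp.status == 200 and (MARKER_TOKEN in body or ctype.startswith("message/http"))


def probe(host, port):
    """Probe every method in PROBE_METHODS; returns {method: enabled}."""
    return {m: method_enabled(host, port, m) for m in PROBE_METHODS}


class EchoHandler(BaseHTTPRequestHandler):
    """Constructed fixture: a misconfigured server that echoes TRACE/TRACK."""

    def _echo(self):
        body = f"{self.command} {self.path} {self.request_version}\r\n{self.headers}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_TRACE = _echo
    do_TRACK = _echo

    def log_message(self, *args):
        pass  # keep the fixture quiet


class HardenedHandler(BaseHTTPRequestHandler):
    """Constructed fixture: the corrected behaviour, refusing both methods."""

    def _refuse(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_TRACE = _refuse
    do_TRACK = _refuse

    def log_message(self, *args):
        pass


def start_server(handler):
    """Bind a fixture server on an ephemeral loopback port and serve in a thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def run_demo():
    """Probe the echoing and hardened fixtures; returns both result dicts."""
    results = {}
    for name, handler in (("misconfigured", EchoHandler), ("hardened", HardenedHandler)):
        srv = start_server(handler)
        try:
            results[name] = probe("127.0.0.1", srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    return results


if __name__ == "__main__":
    for name, res in run_demo().items():
        enabled = [m for m, on in res.items() if on]
        print(f"{name}: enabled={enabled or 'none'}")
```

Against a real target, call `probe(host, port)` directly; a `True` for either method is the finding, and the fix is to refuse the methods at the server (the hardened fixture shows the intended 405 plus an `Allow` header).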