CVE List - 2021 / October
Showing 1601 - 1700 of 1706 CVEs for October 2021 (Page 17 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-37002 | 2021-10-28 | There is a Memory out-of-bounds access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause malicious code to be executed. |
| CVE-2021-22451 | 2021-10-28 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting. |
| CVE-2021-22457 | 2021-10-28 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write. |
| CVE-2021-22459 | 2021-10-28 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable. |
| CVE-2021-22460 | 2021-10-28 | A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism. |
| CVE-2021-22470 | 2021-10-28 | A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. |
| CVE-2021-22450 | 2021-10-28 | A component of the HarmonyOS has an Incomplete Cleanup vulnerability. Local attackers may exploit this vulnerability to cause memory exhaustion. |
| CVE-2021-22456 | 2021-10-28 | A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. |
| CVE-2021-22465 | 2021-10-28 | A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable. |
| CVE-2021-22452 | 2021-10-28 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. |
| CVE-2021-22455 | 2021-10-28 | A component of the HarmonyOS has an Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause the memory which is not released. |
| CVE-2021-22462 | 2021-10-28 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. |
| CVE-2021-22463 | 2021-10-28 | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause Kernel Information disclosure. |
| CVE-2021-22466 | 2021-10-28 | A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash. |
| CVE-2021-22468 | 2021-10-28 | A component of the HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage. |
| CVE-2021-22469 | 2021-10-28 | A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read. |
| CVE-2021-22454 | 2021-10-28 | A component of the HarmonyOS has an External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump. |
| CVE-2021-22458 | 2021-10-28 | A component of the HarmonyOS has an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution. |
| CVE-2021-22467 | 2021-10-28 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address. |
| CVE-2021-22453 | 2021-10-28 | A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
| CVE-2021-22461 | 2021-10-28 | A component of the HarmonyOS has an Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
| CVE-2021-22464 | 2021-10-28 | A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart. |
| CVE-2021-22471 | 2021-10-28 | A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash. |
| CVE-2021-22278 | 2021-10-28 | Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool |
| CVE-2021-37254 | 2021-10-28 | In M-Files Web product with versions before 20.10.9524.1 and 20.10.9445.0, a remote attacker could use a flaw to obtain unauthenticated access to 3rd party component license key information on server. |
| CVE-2021-3579 | 2021-10-28 | Incorrect Default Permissions vulnerability in bdservicehost.exe and Vulnerability.Scan.exe |
| CVE-2021-3576 | 2021-10-28 | Privilege escalation via SeImpersonatePrivilege |
| CVE-2021-3823 | 2021-10-28 | Path traversal vulnerability in Bitdefender GravitZone Update Server in relay mode |
| CVE-2020-22312 | 2021-10-28 | A cross-site scripting (XSS) vulnerability was discovered in the OJ/admin-tool /cal_scores.php function of HZNUOJ v1.0. |
| CVE-2021-41728 | 2021-10-28 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. |
| CVE-2021-22044 | 2021-10-28 | In Spring Cloud OpenFeign 3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older unsupported versions, applications using type-level `@RequestMapping` annotations over Feign client interfaces, can be involuntarily exposing endpoints corresponding to `@RequestMapping`-annotated... |
| CVE-2021-22047 | 2021-10-28 | In Spring Data REST versions 3.4.0 - 3.4.13, 3.5.0 - 3.5.5, and older unsupported versions, HTTP resources implemented by custom controllers using a configured base API path and a controller... |
| CVE-2021-22096 | 2021-10-28 | In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional... |
| CVE-2021-22097 | 2021-10-28 | In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString() method, will deserialize a body for a message with content type... |
| CVE-2020-7875 | 2021-10-28 | RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability |
| CVE-2021-3745 | 2021-10-28 | Unrestricted Upload of File with Dangerous Type in flatcore/flatcore-cms |
| CVE-2020-9897 | 2021-10-28 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead... |
| CVE-2020-29629 | 2021-10-28 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory. |
| CVE-2021-30813 | 2021-10-28 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login... |
| CVE-2021-1821 | 2021-10-28 | A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system... |
| CVE-2021-30809 | 2021-10-28 | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted... |
| CVE-2021-30808 | 2021-10-28 | This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected... |
| CVE-2021-30818 | 2021-10-28 | A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS... |
| CVE-2021-30816 | 2021-10-28 | The issue was addressed with improved permissions logic. This issue is fixed in iOS 15 and iPadOS 15. An attacker with physical access to a device may be able to... |
| CVE-2021-30814 | 2021-10-28 | A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may... |
| CVE-2021-30823 | 2021-10-28 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in... |
| CVE-2021-30831 | 2021-10-28 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted font may result... |
| CVE-2021-30817 | 2021-10-28 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the... |
| CVE-2021-30824 | 2021-10-28 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may... |
| CVE-2021-30821 | 2021-10-28 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may... |
| CVE-2021-30840 | 2021-10-28 | This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to... |
| CVE-2021-30833 | 2021-10-28 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. |
| CVE-2021-30834 | 2021-10-28 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update... |
| CVE-2021-30836 | 2021-10-28 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a... |
| CVE-2020-25422 | 2021-10-28 | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2021-36547 | 2021-10-28 | A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file. |
| CVE-2021-36548 | 2021-10-28 | A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file. |
| CVE-2021-36550 | 2021-10-28 | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2021-36551 | 2021-10-28 | TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload... |
| CVE-2021-41194 | 2021-10-28 | Improper Access Control in jupyterhub-firstuseauthenticator |
| CVE-2020-23546 | 2021-10-28 | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as... |
| CVE-2020-23549 | 2021-10-28 | IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection... |
| CVE-2021-25742 | 2021-10-29 | Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces |
| CVE-2020-22079 | 2021-10-29 | Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0RTL_V15.03.06.48_multi_TDE01 allows remote attackers to execute arbitrary code via the timeZone parameter to goform/SetSysTimeCfg. |
| CVE-2021-31624 | 2021-10-29 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter. |
| CVE-2021-31627 | 2021-10-29 | Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter. |
| CVE-2021-31862 | 2021-10-29 | SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. |
| CVE-2021-22038 | 2021-10-29 | On Windows, the uninstaller binary copies itself to a fixed temporary location, which is then executed (the originally called uninstaller exits, so it does not block the installation directory). This... |
| CVE-2021-22037 | 2021-10-29 | Under certain circumstances, when manipulating the Windows registry, InstallBuilder uses the reg.exe system command. The full path to the command is not enforced, which results in a search in the... |
| CVE-2021-3662 | 2021-10-29 | Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). |
| CVE-2021-3441 | 2021-10-29 | A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). |
| CVE-2021-39179 | 2021-10-29 | SQL Injection in DHIS2 Tracker API |
| CVE-2021-35237 | 2021-10-29 | Clickjacking Vulnerability |
| CVE-2021-41186 | 2021-10-29 | ReDoS vulnerability in parser_apache2 |
| CVE-2021-41674 | 2021-10-29 | An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php. |
| CVE-2021-41675 | 2021-10-29 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester E-Negosyo System 1.0 in /admin/produts/controller.php via the doInsert function, which validates images with getImageSizei. |
| CVE-2021-41676 | 2021-10-29 | An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. |
| CVE-2021-3756 | 2021-10-29 | Heap-based Buffer Overflow in hoene/libmysofa |
| CVE-2021-41643 | 2021-10-29 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field. |
| CVE-2021-41644 | 2021-10-29 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. |
| CVE-2021-41645 | 2021-10-29 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. |
| CVE-2021-41646 | 2021-10-29 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters. |
| CVE-2021-41746 | 2021-10-29 | SQL Injection vulnerability exists in all versions of Yonyou TurboCRM via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information. |
| CVE-2021-41189 | 2021-10-29 | Communities and collections administrators can escalate their privilege up to system administrator |
| CVE-2020-25872 | 2021-10-29 | A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter. |
| CVE-2020-25873 | 2021-10-29 | A directory traversal vulnerability in the component system/manager/class/web/database.php was discovered in Baijiacms V4 which allows attackers to arbitrarily delete folders on the server via the "id" parameter. |
| CVE-2021-1118 | 2021-10-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to... |
| CVE-2021-1119 | 2021-10-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result... |
| CVE-2021-1120 | 2021-10-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS... |
| CVE-2021-1121 | 2021-10-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may... |
| CVE-2021-1122 | 2021-10-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service. |
| CVE-2021-1123 | 2021-10-29 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service. |
| CVE-2020-25881 | 2021-10-29 | A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted... |
| CVE-2021-36808 | 2021-10-30 | A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115. |
| CVE-2020-25911 | 2021-10-31 | An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in MODX CMS 2.7.3 which can lead to an information disclosure or denial of service (DOS). |
| CVE-2020-25912 | 2021-10-31 | An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.php in Symphony 2.7.10 which can lead to an information disclosure or denial of service (DOS). |
| CVE-2021-33259 | 2021-10-31 | Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history. |
| CVE-2020-26705 | 2021-10-31 | The parseXML function in Easy-XML 0.5.0 was discovered to have an XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of... |
| CVE-2020-26707 | 2021-10-31 | An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter. |
| CVE-2020-36376 | 2021-10-31 | An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. |