Lista CVE - 2021 / Ottobre
Visualizzazione 201 - 300 di 1706 CVE per Ottobre 2021 (Pagina 3 di 18)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-41286 | 2021-10-05 | Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database... |
| CVE-2021-41114 | 2021-10-05 | HTTP Host Header Injection in Request Handling in Typo3 |
| CVE-2021-41113 | 2021-10-05 | Cross-Site-Request-Forgery in Backend URI Handling in Typo3 |
| CVE-2021-35497 | 2021-10-05 | TIBCO FTL unvalidated SAN in client certificates |
| CVE-2021-39226 | 2021-10-05 | Snapshot authentication bypass in grafana |
| CVE-2021-41116 | 2021-10-05 | Command injection in composer on Windows |
| CVE-2021-41120 | 2021-10-05 | Unauthorized access to Credit card form in sylius/paypal-plugin |
| CVE-2021-3319 | 2021-10-05 | DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses |
| CVE-2021-3436 | 2021-10-05 | BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known |
| CVE-2021-3510 | 2021-10-05 | Zephyr JSON decoder incorrectly decodes array of array |
| CVE-2021-3581 | 2021-10-05 | Buffer Access with Incorrect Length Value in zephyr |
| CVE-2021-3625 | 2021-10-05 | Buffer overflow in Zephyr USB DFU DNLOAD |
| CVE-2021-41124 | 2021-10-05 | Splash authentication credentials potentially leaked to target websites in scrapy-splash |
| CVE-2020-21503 | 2021-10-05 | waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter... |
| CVE-2020-21504 | 2021-10-05 | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login. |
| CVE-2020-21505 | 2021-10-05 | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave. |
| CVE-2020-21506 | 2021-10-05 | waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add. |
| CVE-2021-33849 | 2021-10-05 | A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's... |
| CVE-2021-31986 | 2021-10-05 | User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage. |
| CVE-2021-31987 | 2021-10-05 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients. |
| CVE-2021-31988 | 2021-10-05 | A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary... |
| CVE-2021-41122 | 2021-10-05 | Bounds check missing for decimal args in Vyper |
| CVE-2021-36178 | 2021-10-06 | A insufficiently protected credentials in Fortinet FortiSDNConnector version 1.1.7 and below allows attacker to disclose third-party devices credential information via configuration page lookup. |
| CVE-2021-36170 | 2021-10-06 | An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate... |
| CVE-2020-15941 | 2021-10-06 | A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of... |
| CVE-2021-36175 | 2021-10-06 | An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter... |
| CVE-2021-24019 | 2021-10-06 | An insufficient session expiration vulnerability [CWE- 613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain... |
| CVE-2021-24021 | 2021-10-06 | An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored... |
| CVE-2021-3848 | 2021-10-06 | An arbitrary file creation by privilege escalation vulnerability in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1, and Worry-Free Business Security Services could allow... |
| CVE-2021-33602 | 2021-10-06 | Denial-of-Service (DoS) Vulnerability |
| CVE-2020-19003 | 2021-10-06 | An issue in Gate One 1.2.0 allows attackers to bypass to the verification check done by the origins list and connect to Gate One instances used by hosts not on... |
| CVE-2021-28702 | 2021-10-06 | PCI devices with RMRRs not deassigned correctly Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR"). These are typically used... |
| CVE-2021-0682 | 2021-10-06 | In sendAccessibilityEvent of NotificationManagerService.java, there is a possible disclosure of notification data due to a missing permission check. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2021-0688 | 2021-10-06 | In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User... |
| CVE-2021-0595 | 2021-10-06 | In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with... |
| CVE-2021-0686 | 2021-10-06 | In getDefaultSmsPackage of RoleManagerService.java, there is a possible way to get information about the default sms app of a different device user due to a missing permission check. This could... |
| CVE-2021-0692 | 2021-10-06 | In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0684 | 2021-10-06 | In TouchInputMapper::sync of TouchInputMapper.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution... |
| CVE-2021-0598 | 2021-10-06 | In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges... |
| CVE-2021-0644 | 2021-10-06 | In conditionallyRemoveIdentifiers of SubscriptionController.java, there is a possible way to retrieve a trackable identifier due to a missing permission check. This could lead to local information disclosure with User execution... |
| CVE-2021-0690 | 2021-10-06 | In ih264d_mark_err_slice_skip of ih264d_parse_pslice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2021-0695 | 2021-10-06 | In get_sock_stat of xt_qtaguid.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with User execution privileges needed.... |
| CVE-2021-0693 | 2021-10-06 | In openFile of HeapDumpProvider.java, there is a possible way to retrieve generated heap dumps from debuggable apps due to an unprotected provider. This could lead to local information disclosure with... |
| CVE-2021-0683 | 2021-10-06 | In runTraceIpcStop of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0691 | 2021-10-06 | In the SELinux policy configured in system_app.te, there is a possible way for system_app to gain code execution in other processes due to an overly-permissive SELinux policy. This could lead... |
| CVE-2021-0687 | 2021-10-06 | In ellipsize of Layout.java, there is a possible ANR due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction... |
| CVE-2021-0636 | 2021-10-06 | When extracting the incorrectly formatted avi file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This... |
| CVE-2021-0635 | 2021-10-06 | When extracting the incorrectly formatted flv file, the memory is damaged, the playback interface shows that the video cannot be played, and the log is found to be crashed. This... |
| CVE-2021-0689 | 2021-10-06 | In RGB_to_BGR1_portable of SkSwizzler_opts.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2021-0685 | 2021-10-06 | In ParsedIntentInfo of ParsedIntentInfo.java, there is a possible parcel serialization/deserialization mismatch due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2021-0681 | 2021-10-06 | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-0680 | 2021-10-06 | In system properties, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-20264 | 2021-10-06 | An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd... |
| CVE-2021-39350 | 2021-10-06 | FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting |
| CVE-2021-39351 | 2021-10-06 | WP Bannerize 2.0.0 - 4.0.2 - Authenticated SQL Injection |
| CVE-2021-25467 | 2021-10-06 | Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library. |
| CVE-2021-25468 | 2021-10-06 | A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address. |
| CVE-2021-25469 | 2021-10-06 | A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. |
| CVE-2021-25470 | 2021-10-06 | An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. |
| CVE-2021-25471 | 2021-10-06 | A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. |
| CVE-2021-25472 | 2021-10-06 | An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. |
| CVE-2021-25473 | 2021-10-06 | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of... |
| CVE-2021-25474 | 2021-10-06 | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of... |
| CVE-2021-25475 | 2021-10-06 | A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25476 | 2021-10-06 | An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. |
| CVE-2021-25477 | 2021-10-06 | An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. |
| CVE-2021-25478 | 2021-10-06 | A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25479 | 2021-10-06 | A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25480 | 2021-10-06 | A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile... |
| CVE-2021-25481 | 2021-10-06 | An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. |
| CVE-2021-25482 | 2021-10-06 | SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. |
| CVE-2021-25483 | 2021-10-06 | Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. |
| CVE-2021-25484 | 2021-10-06 | Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. |
| CVE-2021-25485 | 2021-10-06 | Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket. |
| CVE-2021-25486 | 2021-10-06 | Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. |
| CVE-2021-25487 | 2021-10-06 | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by... |
| CVE-2021-29758 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls.... |
| CVE-2021-25488 | 2021-10-06 | Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. |
| CVE-2021-29760 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213. |
| CVE-2021-29761 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force... |
| CVE-2021-29764 | 2021-10-06 | IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2021-29798 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view,... |
| CVE-2021-25489 | 2021-10-06 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. |
| CVE-2021-29836 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0. through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2021-29837 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user... |
| CVE-2021-29855 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2021-29903 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view,... |
| CVE-2021-25490 | 2021-10-06 | A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. |
| CVE-2021-38925 | 2021-10-06 | IBM Sterling B2B Integrator Standard Edition 5.2.0. 0 through 6.1.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210171. |
| CVE-2021-25491 | 2021-10-06 | A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. |
| CVE-2021-41121 | 2021-10-06 | Memory corruption in Vyper |
| CVE-2021-25492 | 2021-10-06 | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. |
| CVE-2021-25493 | 2021-10-06 | Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read |
| CVE-2021-25494 | 2021-10-06 | A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. |
| CVE-2021-25495 | 2021-10-06 | A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. |
| CVE-2021-25496 | 2021-10-06 | A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. |
| CVE-2021-25497 | 2021-10-06 | A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. |
| CVE-2021-25498 | 2021-10-06 | A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. |
| CVE-2021-25499 | 2021-10-06 | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. |
| CVE-2021-41125 | 2021-10-06 | HTTP authentication credential leak to target websites in scrapy |