CVE List - 2021 / October
Showing 701 - 800 of 1706 CVEs for October 2021 (Page 8 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-20806 | 2021-10-13 | Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| CVE-2021-20807 | 2021-10-13 | Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.0.0 to 3.1.9 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20831 | 2021-10-13 | Cross-site request forgery (CSRF) vulnerability in OG Tags versions prior to 2.0.2 allows a remote attacker to hijack the authentication of administrators and unintended operation may be performed via unspecified... |
| CVE-2021-20832 | 2021-10-13 | InBody App for iOS versions prior to 2.3.30 and InBody App for Android versions prior to 2.2.90(510) contain a vulnerability which may lead to information disclosure only when it works... |
| CVE-2021-20833 | 2021-10-13 | The SNKRDUNK Market Place App for iOS versions prior to 2.2.0 does not verify server certificate properly, which allows man-in-the-middle attackers to eavesdrop on and/or alter encrypted communication via a... |
| CVE-2021-20834 | 2021-10-13 | Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote... |
| CVE-2021-33609 | 2021-10-13 | Denial of service in DataCommunicator class in Vaadin 8 |
| CVE-2021-41137 | 2021-10-13 | Bypassing policy restrictions on regular users |
| CVE-2021-34814 | 2021-10-13 | Proofpoint Spam Engine before 8.12.0-2106240000 has a Security Control Bypass. |
| CVE-2021-39304 | 2021-10-13 | Proofpoint Enterprise Protection before 8.12.0-2108090000 allows security control bypass. |
| CVE-2021-41138 | 2021-10-13 | Validity check for signed Frontier-specific extrinsic not called in block execution |
| CVE-2021-22033 | 2021-10-13 | Releases prior to VMware vRealize Operations 8.6 contain a Server Side Request Forgery (SSRF) vulnerability. |
| CVE-2021-20123 | 2021-10-13 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files... |
| CVE-2021-20124 | 2021-10-13 | A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files... |
| CVE-2021-20125 | 2021-10-13 | An arbitrary file upload and directory traversal vulnerability exists in the file upload functionality of DownloadFileServlet in Draytek VigorConnect 1.6.0-B3. An unauthenticated attacker could leverage this vulnerability to upload files... |
| CVE-2021-20126 | 2021-10-13 | Draytek VigorConnect 1.6.0-B3 lacks cross-site request forgery protections and does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. |
| CVE-2021-20127 | 2021-10-13 | An arbitrary file deletion vulnerability exists in the file delete functionality of the Html5Servlet endpoint of Draytek VigorConnect 1.6.0-B3. This allows an authenticated user to arbitrarily delete files in any... |
| CVE-2021-20128 | 2021-10-13 | The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized. |
| CVE-2021-20129 | 2021-10-13 | An information disclosure vulnerability exists in Draytek VigorConnect 1.6.0-B3, allowing an unauthenticated attacker to export system logs. |
| CVE-2021-22035 | 2021-10-13 | VMware vRealize Log Insight (8.x prior to 8.6) contains a CSV (Comma Separated Value) injection vulnerability in the interactive analytics export function. An authenticated malicious actor with non-administrative privileges may be able... |
| CVE-2021-22036 | 2021-10-13 | VMware vRealize Orchestrator (8.x prior to 8.6) contains an open redirect vulnerability due to improper path handling. A malicious actor may be able to redirect a victim to an attacker controlled... |
| CVE-2021-40732 | 2021-10-13 | XMP Toolkit SDK Null Pointer Dereference |
| CVE-2021-3057 | 2021-10-13 | GlobalProtect App: Buffer Overflow Vulnerability When Connecting to Portal or Gateway |
| CVE-2021-35498 | 2021-10-13 | TIBCO EBX Insecure Login Mechanism |
| CVE-2021-41139 | 2021-10-13 | Reflected XSS vulnerability in time.php |
| CVE-2021-40843 | 2021-10-13 | Proofpoint Insider Threat Management Server contains an unsafe deserialization vulnerability in the Web Console. An attacker with write access to the local database could cause arbitrary code to execute with... |
| CVE-2021-40842 | 2021-10-13 | Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain... |
| CVE-2021-20130 | 2021-10-13 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the PasswordExpiry interface. |
| CVE-2021-20131 | 2021-10-13 | ManageEngine ADManager Plus Build 7111 contains a post-authentication remote code execution vulnerability due to improperly validated file uploads in the Personalization interface. |
| CVE-2021-42223 | 2021-10-13 | Cross Site Scripting (XSS) vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. |
| CVE-2021-42224 | 2021-10-13 | SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php. |
| CVE-2021-26318 | 2021-10-13 | Side-channels Related to the x86 PREFETCH Instruction |
| CVE-2021-40493 | 2021-10-13 | Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API. |
| CVE-2021-41075 | 2021-10-13 | The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API. |
| CVE-2021-20599 | 2021-10-14 | Cleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU... |
| CVE-2021-42369 | 2021-10-14 | Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web... |
| CVE-2021-40854 | 2021-10-14 | AnyDesk before 6.2.6 and 6.3.x before 6.3.3 allows a local user to obtain administrator privileges by using the Open Chat Log feature to launch a privileged Notepad process that can... |
| CVE-2021-42341 | 2021-10-14 | checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results... |
| CVE-2021-42342 | 2021-10-14 | An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the... |
| CVE-2021-3882 | 2021-10-14 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb |
| CVE-2020-22724 | 2021-10-14 | A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. |
| CVE-2020-19964 | 2021-10-14 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. |
| CVE-2020-19962 | 2021-10-14 | A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts. |
| CVE-2020-19960 | 2021-10-14 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. |
| CVE-2020-19961 | 2021-10-14 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. |
| CVE-2020-19959 | 2021-10-14 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. |
| CVE-2020-19957 | 2021-10-14 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. |
| CVE-2020-19954 | 2021-10-14 | An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. |
| CVE-2021-22964 | 2021-10-14 | A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed... |
| CVE-2021-22963 | 2021-10-14 | A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000//google.com/%2e%2e. The issue... |
| CVE-2021-33177 | 2021-10-14 | The Bulk Modifications functionality in Nagios XI versions prior to 5.8.5 is vulnerable to SQL injection. Exploitation requires the malicious actor to be authenticated to the vulnerable system, but once... |
| CVE-2021-33178 | 2021-10-14 | The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Exploitation of this results in a malicious actor having the ability to... |
| CVE-2021-33179 | 2021-10-14 | The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly... |
| CVE-2021-37933 | 2021-10-14 | An LDAP injection vulnerability in /account/login in Huntflow Enterprise before 3.10.6 could allow an unauthenticated, remote user to modify the logic of an LDAP query and bypass authentication. The vulnerability... |
| CVE-2021-41132 | 2021-10-14 | Inconsistent input sanitisation leads to XSS vectors |
| CVE-2021-38344 | 2021-10-14 | Brizy <= 2.3.11 Authenticated Stored Cross-Site Scripting |
| CVE-2021-38345 | 2021-10-14 | Brizy <= 1.0.125 and 1.0.127 – 2.3.11 Incorrect authorization checks allowing Post modification |
| CVE-2021-38346 | 2021-10-14 | Brizy <= 2.3.11 Authenticated Unrestricted File Upload and Path Traversal |
| CVE-2021-41142 | 2021-10-14 | XSS via the name of a deleted attachment |
| CVE-2021-42227 | 2021-10-14 | Cross Site Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is... |
| CVE-2021-42228 | 2021-10-14 | A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html. |
| CVE-2021-32569 | 2021-10-14 | In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing... |
| CVE-2021-32571 | 2021-10-14 | In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by... |
| CVE-2021-36387 | 2021-10-14 | In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4". |
| CVE-2021-36388 | 2021-10-14 | In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request... |
| CVE-2021-36389 | 2021-10-14 | In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to... |
| CVE-2021-38295 | 2021-10-14 | Privilege escalation vulnerability when using HTML attachments |
| CVE-2021-42340 | 2021-10-14 | DoS via memory leak with WebSocket connections |
| CVE-2021-28021 | 2021-10-15 | Buffer overflow vulnerability in function stbi__extend_receive in stb_image.h in stb 2.26 via a crafted JPEG file. |
| CVE-2021-40999 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-42329 | 2021-10-15 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Stored XSS |
| CVE-2021-42330 | 2021-10-15 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-1 |
| CVE-2021-42331 | 2021-10-15 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-2 |
| CVE-2021-42332 | 2021-10-15 | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-3 |
| CVE-2021-42333 | 2021-10-15 | Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-1 |
| CVE-2021-42334 | 2021-10-15 | Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-2 |
| CVE-2021-42335 | 2021-10-15 | Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS |
| CVE-2021-42336 | 2021-10-15 | Huachu Digital Technology Co.,Ltd. Easytest - Improper Authorization |
| CVE-2021-39332 | 2021-10-15 | Business Manager – WordPress ERP, HR, CRM, and Project Management Plugin <= 1.4.5 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39334 | 2021-10-15 | Job Board Vanila Plugin <= 1.0 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39336 | 2021-10-15 | Job Manager <= 0.7.25 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39337 | 2021-10-15 | job-portal <= 0.0.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39345 | 2021-10-15 | HAL <= 2.1.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39338 | 2021-10-15 | MyBB Cross-Poster <= 1.0 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39335 | 2021-10-15 | WpGenius Job Listing <= 1.0.2 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39344 | 2021-10-15 | KJM Admin Notices <= 2.0.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39349 | 2021-10-15 | Author Bio Box <= 3.3.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-38431 | 2021-10-15 | Advantech WebAccess SCADA |
| CVE-2021-37737 | 2021-10-15 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-37736 | 2021-10-15 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-37738 | 2021-10-15 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to... |
| CVE-2021-40987 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-37739 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-40986 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-40992 | 2021-10-15 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
| CVE-2021-3874 | 2021-10-15 | Path Traversal in bookstackapp/bookstack |
| CVE-2021-3875 | 2021-10-15 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-3878 | 2021-10-15 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp |
| CVE-2021-3881 | 2021-10-15 | Out-of-bounds Read in bfabiszewski/libmobi |
| CVE-2021-40989 | 2021-10-15 | A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ... |
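The two fastify-static rows above (CVE-2021-22963 and CVE-2021-22964) describe a redirect built from a request path that begins with a double slash. The block below is an added example, not code from fastify-static or from any project listed on this page. It assumes a server that answers a request for a directory by redirecting to the same path plus a trailing slash; the function names `browserResolve`, `vulnerableRedirectLocation` and `safeRedirectLocation`, the origin `http://localhost:3000` and the sample paths are constructed for illustration. Node's WHATWG `URL` parser stands in for what a browser does with a `Location` header; the Firefox-specific variant in the second CVE is not modelled.

```javascript
// Added example, not code from fastify-static or any project on this page.
// Models a server that redirects a directory request to the same path plus
// a trailing slash, shows how a request path beginning with "//" turns that
// into an open redirect, and gives a guard that rejects it.

// Browsers resolve a Location header against the current URL. A value that
// starts with "//" is a scheme-relative URL, so its host replaces the site's.
function browserResolve(location, currentUrl) {
  return new URL(location, currentUrl).href;
}

// Vulnerable: the Location value is built straight from the raw request path.
function vulnerableRedirectLocation(requestPath) {
  return requestPath.endsWith('/') ? requestPath : requestPath + '/';
}

// Hardened: parse the path against the site origin first, then refuse any
// result whose origin changed or whose pathname still begins with "//".
// Checking the *normalized* pathname matters: "/%2e%2e//evil.example" parses
// to pathname "//evil.example", so a check on the raw string alone would pass
// it. WHATWG parsing also turns "\" into "/" for http(s), so "/\evil.example"
// is caught the same way.
function safeRedirectLocation(requestPath, origin) {
  const u = new URL(requestPath, origin);
  if (u.origin !== origin || u.pathname.startsWith('//')) {
    return null; // caller should answer 400/404 rather than redirect
  }
  const path = u.pathname.endsWith('/') ? u.pathname : u.pathname + '/';
  return path + u.search;
}

// Constructed sample requests (not taken from the advisories).
const ORIGIN = 'http://localhost:3000';
const SAMPLE_PATHS = ['/docs', '//google.com/%2e%2e', '/\\evil.example'];

for (const p of SAMPLE_PATHS) {
  const landsOn = browserResolve(vulnerableRedirectLocation(p), ORIGIN + p);
  const hardened = safeRedirectLocation(p, ORIGIN);
  console.log(JSON.stringify(p), '-> vulnerable redirect lands on', landsOn,
              '| hardened Location:', hardened);
}
```

The point the two CVEs make between them is that the guard has to run on the path after it has been resolved against the origin, not on the raw string: an encoded dot segment in front of the double slash survives a naive prefix check and only becomes `//host` after normalization.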