CVE List - 2021 / November
Showing 1001 - 1100 of 1508 CVEs for November 2021 (Page 11 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33058 | 2021-11-17 | Improper access control in the installer Intel(R) Administrative Tools for Intel(R) Network Adapters for Windows before version 1.4.0.21 may allow an unauthenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-33098 | 2021-11-17 | Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2021-33059 | 2021-11-17 | Improper input validation in the Intel(R) Administrative Tools for Intel(R) Network Adapters driver for Windows before version 1.4.0.15, may allow a privileged user to potentially enable escalation of privilege via... |
| CVE-2021-0200 | 2021-11-17 | Out-of-bounds write in the firmware for Intel(R) Ethernet 700 Series Controllers before version 8.2 may allow a privileged user to potentially enable an escalation of privilege via local access. |
| CVE-2021-41165 | 2021-11-17 | HTML comments vulnerability allowing to execute JavaScript code |
| CVE-2021-0197 | 2021-11-17 | Protection mechanism failure in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to enable a denial of service via local access. |
| CVE-2021-0198 | 2021-11-17 | Improper access control in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.5.5.6 may allow a privileged user to potentially enable a denial of service via local... |
| CVE-2021-0199 | 2021-11-17 | Improper input validation in the firmware for the Intel(R) Ethernet Network Controller E810 before version 1.6.0.6 may allow a privileged user to potentially enable a denial of service via local... |
| CVE-2021-43996 | 2021-11-17 | The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control. |
| CVE-2021-0064 | 2021-11-17 | Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0065 | 2021-11-17 | Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0151 | 2021-11-17 | Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via... |
| CVE-2021-41190 | 2021-11-17 | Clarify Content-Type handling in OCI spec |
| CVE-2021-0152 | 2021-11-17 | Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of... |
| CVE-2021-33073 | 2021-11-17 | Uncontrolled resource consumption in the Intel(R) Distribution of OpenVINO™ Toolkit before version 2021.4 may allow an unauthenticated user to potentially enable denial of service via local access. |
| CVE-2021-0148 | 2021-11-17 | Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access. |
| CVE-2021-0110 | 2021-11-17 | Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow an unauthenticated user to potentially enable denial of service via local access. |
| CVE-2021-0146 | 2021-11-17 | Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
| CVE-2021-0135 | 2021-11-17 | Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0063 | 2021-11-17 | Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2021-0078 | 2021-11-17 | Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure... |
| CVE-2021-0071 | 2021-11-17 | Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. |
| CVE-2021-0082 | 2021-11-17 | Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-41273 | 2021-11-17 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys |
| CVE-2021-0069 | 2021-11-17 | Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial... |
| CVE-2021-0075 | 2021-11-17 | Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of... |
| CVE-2021-0079 | 2021-11-17 | Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access. |
| CVE-2021-0053 | 2021-11-17 | Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access. |
| CVE-2021-0013 | 2021-11-17 | Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access. |
| CVE-2020-8741 | 2021-11-17 | Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0186 | 2021-11-17 | Improper input validation in the Intel(R) SGX SDK applications compiled for SGX2 enabled processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0180 | 2021-11-17 | Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access. |
| CVE-2021-0182 | 2021-11-17 | Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable information disclosure via local access. |
| CVE-2021-41275 | 2021-11-17 | Authentication Bypass by CSRF Weakness |
| CVE-2021-41274 | 2021-11-17 | Authentication Bypass by CSRF Weakness |
| CVE-2021-41277 | 2021-11-17 | GeoJSON URL validation can expose server files and environment variables to unauthorized users |
| CVE-2021-39920 | 2021-11-18 | NULL pointer exception in the IPPUSB dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file |
| CVE-2021-39928 | 2021-11-18 | NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-43549 | 2021-11-18 | OSIsoft PI Web API |
| CVE-2021-27024 | 2021-11-18 | A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user with lower privileges being able to access a Puppet Enterprise API token. This issue... |
| CVE-2021-27026 | 2021-11-18 | A flaw was discovered in Puppet Enterprise and other Puppet products where sensitive plan parameters may be logged |
| CVE-2021-27025 | 2021-11-18 | A flaw was discovered in Puppet Agent where the agent may silently ignore Augeas settings or may be vulnerable to a Denial of Service condition prior to the first 'pluginsync'. |
| CVE-2021-27023 | 2021-11-18 | A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar... |
| CVE-2021-36908 | 2021-11-18 | WordPress WP Reset PRO Premium Plugin <= 5.98 - Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2021-36909 | 2021-11-18 | WordPress WP Reset PRO Premium plugin <= 5.98 - Authenticated Database Reset vulnerability |
| CVE-2021-0672 | 2021-11-18 | In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction... |
| CVE-2021-0619 | 2021-11-18 | In ape extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0620 | 2021-11-18 | In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0621 | 2021-11-18 | In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0622 | 2021-11-18 | In asf extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0623 | 2021-11-18 | In asf extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0624 | 2021-11-18 | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0629 | 2021-11-18 | In mdlactl driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2021-0655 | 2021-11-18 | In mdlactl driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2021-0656 | 2021-11-18 | In edma driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2021-0657 | 2021-11-18 | In apusys, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0658 | 2021-11-18 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0659 | 2021-11-18 | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2021-0664 | 2021-11-18 | In ccu, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0665 | 2021-11-18 | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2021-0666 | 2021-11-18 | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2021-0667 | 2021-11-18 | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0668 | 2021-11-18 | In apusys, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2021-0669 | 2021-11-18 | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0670 | 2021-11-18 | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0671 | 2021-11-18 | In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-43667 | 2021-11-18 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the... |
| CVE-2021-43668 | 2021-11-18 | Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a series of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference"... |
| CVE-2021-43669 | 2021-11-18 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by... |
| CVE-2021-37938 | 2021-11-18 | It was discovered that on Windows operating systems specifically, Kibana was not validating a user supplied path, which would load .pbf files. Because of this, a malicious user could arbitrarily... |
| CVE-2021-37939 | 2021-11-18 | It was discovered that Kibana’s JIRA connector & IBM Resilient connector could be used to return HTTP response data on internal hosts, which may be intentionally hidden from public view.... |
| CVE-2021-35535 | 2021-11-18 | Insufficient Security Control Vulnerability |
| CVE-2021-40751 | 2021-11-18 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40752 | 2021-11-18 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40753 | 2021-11-18 | Adobe After Effects SVG File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40754 | 2021-11-18 | Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40755 | 2021-11-18 | Adobe After Effects SGI File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40756 | 2021-11-18 | Adobe After Effects NULL Pointer Dereference Application Denial of Service |
| CVE-2021-40757 | 2021-11-18 | Adobe After Effects MXF File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40758 | 2021-11-18 | Adobe After Effects WAV File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40759 | 2021-11-18 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40760 | 2021-11-18 | Adobe After Effects M4A File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40761 | 2021-11-18 | Adobe After Effects NULL Pointer Dereference Application Denial of Service |
| CVE-2021-35534 | 2021-11-18 | Insufficient Security Control Vulnerability |
| CVE-2021-40733 | 2021-11-18 | Adobe Animate Memory Corruption Could Lead To Arbitrary Code Execution |
| CVE-2021-42266 | 2021-11-18 | Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-42267 | 2021-11-18 | Adobe Animate FLA File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-42268 | 2021-11-18 | Adobe Animate FLA File Parsing Null Pointer Dereference Application Denial of Service |
| CVE-2021-42269 | 2021-11-18 | Adobe Animate FLA File Parsing Use After Free Remote Code Execution |
| CVE-2021-42270 | 2021-11-18 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-42271 | 2021-11-18 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-42272 | 2021-11-18 | Adobe Animate GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-42524 | 2021-11-18 | Adobe Animate BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-42525 | 2021-11-18 | Adobe Animate SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-23155 | 2021-11-18 | Improper validation of the cloud certificate chain in Mobile Client allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Client for Android... |
| CVE-2021-23162 | 2021-11-18 | Improper validation of the cloud certificate chain in Mobile Connect allows man-in-the-middle attack to impersonate the legitimate Command Centre Server. This issue affects: Gallagher Command Centre Mobile Connect for Android... |
| CVE-2021-23146 | 2021-11-18 | An Incomplete Comparison with Missing Factors vulnerability in the Gallagher Controller allows an attacker to bypass PIV verification. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3);... |
| CVE-2021-23167 | 2021-11-18 | Improper certificate validation vulnerability in SMTP Client allows man-in-the-middle attack to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command Centre 8.50 versions prior to 8.50.2048... |
| CVE-2021-23197 | 2021-11-18 | Unquoted service path vulnerability in the Gallagher Controller Service allows an unprivileged user to execute arbitrary code as the account that runs the Controller Service. This issue affects: Gallagher Command... |
| CVE-2021-23193 | 2021-11-18 | Improper privilege validation vulnerability in COM Interface of Gallagher Command Centre Server allows authenticated unprivileged operators to retrieve sensitive information from the Command Centre Server. This issue affects: Gallagher Command... |