CVE List - 2021 / November
Showing 401 - 500 of 1508 CVEs for November 2021 (Page 5 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-25978 | 2021-11-07 | Apostrophe - XSS |
| CVE-2021-41771 | 2021-11-08 | ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. |
| CVE-2021-41772 | 2021-11-08 | Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. |
| CVE-2021-42073 | 2021-11-08 | An issue was discovered in Barrier before 2.4.0. An attacker can enter an active session state with the barriers component (aka the server-side implementation of Barrier) simply by supplying a... |
| CVE-2021-31599 | 2021-11-08 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. A reports (.prpt) file allows the inclusion of BeanShell scripts to ease the... |
| CVE-2021-31600 | 2021-11-08 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow... |
| CVE-2021-31601 | 2021-11-08 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow... |
| CVE-2021-31602 | 2021-11-08 | An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. The Security Model has different layers of Access Control. One of these layers... |
| CVE-2021-34684 | 2021-11-08 | Hitachi Vantara Pentaho Business Analytics through 9.1 allows an unauthenticated user to execute arbitrary SQL queries on any Pentaho data source and thus retrieve data from the related databases, as... |
| CVE-2021-34685 | 2021-11-08 | UploadService in Hitachi Vantara Pentaho Business Analytics through 9.1 does not properly verify uploaded user files, which allows an authenticated user to upload various files of different file types. Specifically,... |
| CVE-2021-42072 | 2021-11-08 | An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit... |
| CVE-2021-42074 | 2021-11-08 | An issue was discovered in Barrier before 2.3.4. An unauthenticated attacker can cause a segmentation fault in the barriers component (aka the server-side implementation of Barrier) by quickly opening and... |
| CVE-2021-42075 | 2021-11-08 | An issue was discovered in Barrier before 2.3.4. The barriers component (aka the server-side implementation of Barrier) does not correctly close file descriptors for established TCP connections. An unauthenticated remote... |
| CVE-2021-42076 | 2021-11-08 | An issue was discovered in Barrier before 2.3.4. An attacker can cause memory exhaustion in the barriers component (aka the server-side implementation of Barrier) and barrierc by sending long TCP... |
| CVE-2021-42077 | 2021-11-08 | PHP Event Calendar before 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary... |
| CVE-2021-42078 | 2021-11-08 | PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform... |
| CVE-2021-42372 | 2021-11-08 | A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running... |
| CVE-2021-42371 | 2021-11-08 | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. |
| CVE-2021-42370 | 2021-11-08 | A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires... |
| CVE-2021-32481 | 2021-11-08 | Cloudera Hue 4.6.0 allows XSS via the type parameter. |
| CVE-2021-29994 | 2021-11-08 | Cloudera Hue 4.6.0 allows XSS. |
| CVE-2021-32482 | 2021-11-08 | Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. |
| CVE-2021-29243 | 2021-11-08 | Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. |
| CVE-2021-30132 | 2021-11-08 | Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. |
| CVE-2021-32483 | 2021-11-08 | Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard. |
| CVE-2021-37850 | 2021-11-08 | Denial of service in ESET for Mac products |
| CVE-2021-22051 | 2021-11-08 | Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x... |
| CVE-2021-41733 | 2021-11-08 | Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. |
| CVE-2021-39182 | 2021-11-08 | Use of Password Hash With Insufficient Computational Effort and Use of a Broken or Risky Cryptographic Algorithm and Reversible One-Way Hash in hashing.py |
| CVE-2021-25979 | 2021-11-08 | Apostrophe - Insufficient Session Expiration |
| CVE-2021-28022 | 2021-11-08 | Blind SQL injection in the login form in ServiceTonic Helpdesk software < 9.0.35937 allows attacker to exfiltrate information via specially crafted HQL-compatible time-based SQL queries. |
| CVE-2021-28023 | 2021-11-08 | Arbitrary file upload in Service import feature in ServiceTonic Helpdesk software version < 9.0.35937 allows a malicious user to execute JSP code by uploading a zip that extracts files in... |
| CVE-2021-28024 | 2021-11-08 | Unauthorized system access in the login form in ServiceTonic Helpdesk software version < 9.0.35937 allows attacker to login without using a password. |
| CVE-2021-42770 | 2021-11-08 | A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. |
| CVE-2020-4152 | 2021-11-08 | IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force... |
| CVE-2020-4153 | 2021-11-08 | IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2020-4160 | 2021-11-08 | IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could... |
| CVE-2021-29735 | 2021-11-08 | IBM Security Guardium 10.5, 10.6, 11.0, 11.1, 11.2, and 11.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-29843 | 2021-11-08 | IBM MQ 9.1 LTS, 9.1 CD, 9.2 LTS, and 9.2 CD is vulnerable to a denial of service attack caused by an issue processing message properties. IBM X-Force ID: 205203. |
| CVE-2021-24537 | 2021-11-08 | Similar Posts <= 3.1.5 - Admin+ Arbitrary PHP Code Execution |
| CVE-2021-24575 | 2021-11-08 | WPSchoolPress < 2.1.10 - Multiple Authenticated SQL Injections |
| CVE-2021-24594 | 2021-11-08 | Translate WordPress - Google Language Translator < 6.0.12 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24607 | 2021-11-08 | Storefront Footer Text <= 1.0.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24616 | 2021-11-08 | AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24625 | 2021-11-08 | SpiderCatalog <= 1.7.3 - Admin+ SQL Injection |
| CVE-2021-24626 | 2021-11-08 | Chameleon CSS <= 1.2 - Subscriber+ SQL Injection |
| CVE-2021-24627 | 2021-11-08 | G Auto-Hyperlink <= 1.0.1 - Admin+ SQL Injection |
| CVE-2021-24628 | 2021-11-08 | Wow Forms <= 3.1.3 - Admin+ SQL Injection |
| CVE-2021-24629 | 2021-11-08 | Post Content XMLRPC <= 1.0 - Admin+ SQL Injections |
| CVE-2021-24630 | 2021-11-08 | Schreikasten <= 0.14.18 - Author+ SQL Injections |
| CVE-2021-24631 | 2021-11-08 | Unlimited PopUps <= 4.5.3 - Author+ SQL Injection |
| CVE-2021-24645 | 2021-11-08 | Booking.com Product Helper < 1.0.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24646 | 2021-11-08 | Booking.com Banner Creator < 1.4.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24647 | 2021-11-08 | Pie Register < 3.7.1.6 - Unauthenticated Arbitrary Login |
| CVE-2021-24664 | 2021-11-08 | WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-24669 | 2021-11-08 | MAZ Loader < 1.3.3 - Contributor+ SQL Injection |
| CVE-2021-24674 | 2021-11-08 | Genie WP Favicon <= 0.5.2 - Arbitrary Favicon Change via CSRF |
| CVE-2021-24693 | 2021-11-08 | Simple Download Monitor < 3.9.5 - Contributor+ Stored Cross-Site Scripting via File Thumbnail |
| CVE-2021-24695 | 2021-11-08 | Simple Download Monitor < 3.9.6 - Unauthenticated Log Access |
| CVE-2021-24697 | 2021-11-08 | Simple Download Monitor < 3.9.5 - Reflected Cross-Site Scripting |
| CVE-2021-24698 | 2021-11-08 | Simple Download Monitor < 3.9.6 - Arbitrary Thumbnails Removal |
| CVE-2021-24701 | 2021-11-08 | Quiz Tool Lite <= 2.3.15 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-24706 | 2021-11-08 | Qwizcards < 3.62 - Admin+ Stored Cross Site Scripting |
| CVE-2021-24708 | 2021-11-08 | WP All Export < 1.3.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24710 | 2021-11-08 | Print-O-Matic < 2.0.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24721 | 2021-11-08 | Loco Translate < 2.5.4 - Authenticated PHP Code Injection |
| CVE-2021-24731 | 2021-11-08 | Pie Register < 3.7.1.6 - Unauthenticated SQL Injection |
| CVE-2021-24766 | 2021-11-08 | 404 to 301 < 3.0.9 - Logs Deletion via CSRF |
| CVE-2021-24767 | 2021-11-08 | Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF |
| CVE-2021-24783 | 2021-11-08 | Post Expirator < 2.6.0 - Contributor+ Arbitrary Post Schedule Deletion |
| CVE-2021-24788 | 2021-11-08 | Batch Cat <= 0.3 - Subscriber+ Arbitrary Categories Add/Set/Delete to Posts |
| CVE-2021-24791 | 2021-11-08 | Header Footer Code Manager < 1.1.14 - Admin+ SQL Injections |
| CVE-2021-24798 | 2021-11-08 | WP Header Images < 2.0.1 - Reflected Cross-Site Scripting |
| CVE-2021-24801 | 2021-11-08 | WP Survey Plus <= 1.0 - Subscriber+ AJAX Calls |
| CVE-2021-24806 | 2021-11-08 | wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF |
| CVE-2021-24807 | 2021-11-08 | Support Board < 3.3.5 - Agent+ Stored Cross-Site Scripting |
| CVE-2021-24816 | 2021-11-08 | Phoenix Media Rename < 3.4.4 - Author Arbitrary Media File Renaming |
| CVE-2021-24827 | 2021-11-08 | Asgaros Forum < 1.15.13 - Unauthenticated SQL Injection |
| CVE-2021-24829 | 2021-11-08 | Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection |
| CVE-2021-24832 | 2021-11-08 | WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF |
| CVE-2021-24835 | 2021-11-08 | WCFM - Frontend Manager for WooCommerce < 6.5.12 - Customer/Subscriber+ SQL Injection |
| CVE-2021-24840 | 2021-11-08 | Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure |
| CVE-2021-24844 | 2021-11-08 | Affiliate Manager < 2.8.7 - Admin+ SQL injection |
| CVE-2021-40577 | 2021-11-08 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. |
| CVE-2021-39420 | 2021-11-08 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php. |
| CVE-2021-41170 | 2021-11-08 | Evaluation of closures can lead to execution of methods & functions in current program scope |
| CVE-2021-40260 | 2021-11-08 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php... |
| CVE-2021-40261 | 2021-11-08 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and... |
| CVE-2020-23572 | 2021-11-08 | BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. |
| CVE-2021-41253 | 2021-11-08 | Possible heap buffer overflow when using zycore string functions in formatter hooks |
| CVE-2021-43114 | 2021-11-09 | FORT Validator versions prior to 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access... |
| CVE-2021-43466 | 2021-11-09 | In the thymeleaf-spring5:3.0.12 component, thymeleaf combined with specific scenarios in template injection may lead to remote code execution. |
| CVE-2020-10052 | 2021-11-09 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local... |
| CVE-2020-10053 | 2021-11-09 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker... |
| CVE-2020-10054 | 2021-11-09 | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker... |
| CVE-2021-31344 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400... |
| CVE-2021-31345 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions). The total length... |
| CVE-2021-31346 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400... |
| CVE-2021-31881 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP OFFER message, the DHCP... |
| CVE-2021-31882 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). The DHCP client application does not validate the... |