Lista CVE - 2021 / Novembre
Visualizzazione 201 - 300 di 1508 CVE per Novembre 2021 (Pagina 3 di 16)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2021-26786 | 2021-11-03 | An issue was discoverered in in customercentric-selling-poland PlayTube, allows authenticated attackers to execute arbitrary code via the purchace code to the config.php. |
| CVE-2020-20982 | 2021-11-03 | Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php. |
| CVE-2020-24743 | 2021-11-03 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. |
| CVE-2021-27836 | 2021-11-03 | An issue was discoverered in in function xls_getWorkSheet in xls.c in libxls 1.6.2, allows attackers to cause a denial of service, via a crafted XLS file. |
| CVE-2020-24000 | 2021-11-03 | SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. |
| CVE-2021-40985 | 2021-11-03 | A stack-based buffer under-read in htmldoc before 1.9.12, allows attackers to cause a denial of service via a crafted BMP image to image_load_bmp. |
| CVE-2020-23679 | 2021-11-03 | Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field. |
| CVE-2020-23680 | 2021-11-03 | An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. |
| CVE-2021-23820 | 2021-11-03 | Prototype Pollution |
| CVE-2021-23624 | 2021-11-03 | Prototype Pollution |
| CVE-2021-23807 | 2021-11-03 | Prototype Pollution |
| CVE-2021-23509 | 2021-11-03 | Prototype Pollution |
| CVE-2021-23784 | 2021-11-03 | Cross-site Scripting (XSS) |
| CVE-2021-23472 | 2021-11-03 | Cross-site Scripting (XSS) |
| CVE-2021-41134 | 2021-11-03 | Stored XSS in Jupyter nbdime |
| CVE-2020-18259 | 2021-11-03 | ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2020-18261 | 2021-11-03 | An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands. |
| CVE-2020-18262 | 2021-11-03 | ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. |
| CVE-2020-18263 | 2021-11-03 | PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. |
| CVE-2021-41174 | 2021-11-03 | XSS vulnerability allowing arbitrary JavaScript execution |
| CVE-2021-43140 | 2021-11-03 | SQL Injection vulnerability exists in Sourcecodester. Simple Subscription Website 1.0. via the login. |
| CVE-2021-43141 | 2021-11-03 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application. |
| CVE-2020-28416 | 2021-11-03 | HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code... |
| CVE-2021-38411 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38418 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38422 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38403 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38424 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38407 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38420 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38428 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38416 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2021-38488 | 2021-11-03 | Delta Electronics DIALink |
| CVE-2020-6931 | 2021-11-03 | HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege. |
| CVE-2021-33800 | 2021-11-03 | In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal. |
| CVE-2021-35053 | 2021-11-03 | Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the... |
| CVE-2021-41492 | 2021-11-03 | Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the... |
| CVE-2021-42772 | 2021-11-03 | Broadcom Emulex HBA Manager/One Command Manager versions before 11.4.425.0 and 12.8.542.31, if not installed in Strictly Local Management mode, have a buffer overflow vulnerability in the remote GetDumpFile command that... |
| CVE-2021-22960 | 2021-11-03 | The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. |
| CVE-2021-43339 | 2021-11-03 | In Ericsson Network Location before 2021-07-31, it is possible for an authenticated attacker to inject commands via file_name in the export functionality. For example, a new admin user could be... |
| CVE-2021-43032 | 2021-11-03 | In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body... |
| CVE-2021-41562 | 2021-11-03 | Deletion of arbitrary files vulnerability in Snow Agent for Windows |
| CVE-2021-21693 | 2021-11-04 | When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2021-43400 | 2021-11-04 | An issue was discovered in gatt-database.c in BlueZ 5.61. A use-after-free can occur when a client disconnects during D-Bus processing of a WriteValue call. |
| CVE-2021-34594 | 2021-11-04 | Beckhoff: Relative path traversal vulnerability through TwinCAT OPC UA Server |
| CVE-2021-34597 | 2021-11-04 | Phoenix Contact: PC Worx/-Express prone to improper input validation vulnerability |
| CVE-2020-25367 | 2021-11-04 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in... |
| CVE-2020-25366 | 2021-11-04 | An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. |
| CVE-2020-25368 | 2021-11-04 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in... |
| CVE-2021-42624 | 2021-11-04 | A local buffer overflow vulnerability exists in the latest version of Miniftpd in ftpproto.c through the tmp variable, where a crafted payload can be sent to the affected function. |
| CVE-2021-40127 | 2021-11-04 | Cisco Small Business 200, 300, and 500 Series Switches Web-Based Management Interface Denial of Service Vulnerability |
| CVE-2021-40128 | 2021-11-04 | Cisco Webex Meetings Email Content Injection Vulnerability |
| CVE-2021-34773 | 2021-11-04 | Cisco Unified Communications Products Cross-Site Request Forgery Vulnerability |
| CVE-2021-34774 | 2021-11-04 | Cisco Common Services Platform Collector Information Disclosure Vulnerability |
| CVE-2021-34795 | 2021-11-04 | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities |
| CVE-2021-40112 | 2021-11-04 | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities |
| CVE-2021-40113 | 2021-11-04 | Cisco Catalyst PON Series Switches Optical Network Terminal Vulnerabilities |
| CVE-2021-40115 | 2021-11-04 | Cisco Webex Video Mesh Cross-Site Scripting Vulnerability |
| CVE-2021-40119 | 2021-11-04 | Cisco Policy Suite Static SSH Keys Vulnerability |
| CVE-2021-40120 | 2021-11-04 | Cisco Small Business RV Series Routers Command Injection Vulnerability |
| CVE-2021-40124 | 2021-11-04 | Cisco AnyConnect Secure Mobility Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability |
| CVE-2021-40126 | 2021-11-04 | Cisco Umbrella Email Enumeration Vulnerability |
| CVE-2021-34784 | 2021-11-04 | Cisco Prime Infrastructure and Evolved Programmable Network Manager Stored Cross-Site Scripting Vulnerability |
| CVE-2021-34741 | 2021-11-04 | Cisco Email Security Appliance Denial of Service Vulnerability |
| CVE-2021-34739 | 2021-11-04 | Cisco Small Business Series Switches Session Credentials Replay Vulnerability |
| CVE-2021-34731 | 2021-11-04 | Cisco Prime Access Registrar Stored Cross-Site Scripting Vulnerability |
| CVE-2021-34701 | 2021-11-04 | Cisco Unified Communications Products Path Traversal Vulnerability |
| CVE-2021-1500 | 2021-11-04 | Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability |
| CVE-2021-21685 | 2021-11-04 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs. |
| CVE-2021-21686 | 2021-11-04 | File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed... |
| CVE-2021-21687 | 2021-11-04 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create symbolic links when unarchiving a symbolic link in FilePath#untar. |
| CVE-2021-21688 | 2021-11-04 | The agent-to-controller security check FilePath#reading(FileVisitor) in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not reject any operations, allowing users to have unrestricted read access using certain operations (creating... |
| CVE-2021-21689 | 2021-11-04 | FilePath#unzip and FilePath#untar were not subject to any agent-to-controller access control in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2021-21690 | 2021-11-04 | Agent processes are able to completely bypass file path filtering by wrapping the file operation in an agent file path in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2021-21691 | 2021-11-04 | Creating symbolic links is possible without the 'symlink' agent-to-controller access control permission in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2021-21692 | 2021-11-04 | FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'. |
| CVE-2021-21694 | 2021-11-04 | FilePath#toURI, FilePath#hasSymlink, FilePath#absolutize, FilePath#isDescendant, and FilePath#get*DiskSpace do not check any permissions in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2021-21695 | 2021-11-04 | FilePath#listFiles lists files outside directories that agents are allowed to access when following symbolic links in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. |
| CVE-2021-21696 | 2021-11-04 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not limit agent read/write access to the libs/ directory inside build directories when using the FilePath APIs, allowing attackers in control... |
| CVE-2021-21697 | 2021-11-04 | Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allows any agent to read and write the contents of any build directory stored in Jenkins with very few restrictions. |
| CVE-2021-21698 | 2021-11-04 | Jenkins Subversion Plugin 2.15.0 and earlier does not restrict the name of a file when looking up a subversion key file on the controller from an agent. |
| CVE-2021-41247 | 2021-11-04 | incomplete logout in JupyterHub |
| CVE-2021-43281 | 2021-11-04 | MyBB before 1.8.29 allows Remote Code Injection by an admin with the "Can manage settings?" permission. The Admin CP's Settings management module does not validate setting types correctly on insertion... |
| CVE-2021-43293 | 2021-11-04 | Sonatype Nexus Repository Manager 3.x before 3.36.0 allows a remote authenticated attacker to potentially perform network enumeration via Server Side Request Forgery (SSRF). |
| CVE-2021-43389 | 2021-11-04 | An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. |
| CVE-2020-21139 | 2021-11-04 | EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add. |
| CVE-2021-43396 | 2021-11-04 | In iconvdata/iso-2022-jp-3.c in the GNU C Library (aka glibc) 2.34, remote attackers can force iconv() to emit a spurious '\0' character via crafted ISO-2022-JP-3 data that is accompanied by an... |
| CVE-2021-41249 | 2021-11-04 | XSS vulnerability in GraphQL Playground |
| CVE-2021-43398 | 2021-11-04 | Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). There is a clear correlation between execution time and private key length, which may cause disclosure of the... |
| CVE-2021-41248 | 2021-11-04 | XSS vulnerability in GraphiQL |
| CVE-2021-42057 | 2021-11-04 | Obsidian Dataview through 0.4.12-hotfix1 allows eval injection. The evalInContext function in executes user input, which allows an attacker to craft malicious Markdown files that will execute arbitrary code once opened.... |
| CVE-2021-39914 | 2021-11-04 | A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was... |
| CVE-2021-39902 | 2021-11-04 | Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. |
| CVE-2021-39903 | 2021-11-04 | In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted... |
| CVE-2021-39909 | 2021-11-04 | Lack of email address ownership verification in the CODEOWNERS feature in all versions of GitLab EE starting from 11.3 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all... |
| CVE-2021-39906 | 2021-11-04 | Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf. |
| CVE-2021-39912 | 2021-11-04 | A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion. |
| CVE-2021-39897 | 2021-11-04 | Improper access control in GitLab CE/EE version 10.5 and above allowed subgroup members with inherited access to a project from a parent group to still have access even after the... |
| CVE-2021-39913 | 2021-11-04 | Accidental logging of system root password in the migration log in all versions of GitLab CE/EE before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from... |
| CVE-2021-39901 | 2021-11-04 | In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. |