CVE List - 2021 / November
Showing 501 - 600 of 1508 CVEs for November 2021 (Page 6 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-31883 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303). When processing a DHCP ACK message, the DHCP... |
| CVE-2021-31884 | 2021-11-09 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet)... |
| CVE-2021-31885 | 2021-11-09 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet)... |
| CVE-2021-31886 | 2021-11-09 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet)... |
| CVE-2021-31887 | 2021-11-09 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet)... |
| CVE-2021-31888 | 2021-11-09 | A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet)... |
| CVE-2021-31889 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400... |
| CVE-2021-31890 | 2021-11-09 | A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions < V2303), PLUSCONTROL 1st Gen (All versions), SIMOTICS CONNECT 400... |
| CVE-2021-37207 | 2021-11-09 | A vulnerability has been identified in SENTRON powermanager V3 (All versions). The affected application assigns improper access rights to a specific folder containing configuration files. This could allow an authenticated... |
| CVE-2021-40358 | 2021-11-09 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1... |
| CVE-2021-40359 | 2021-11-09 | A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC... |
| CVE-2021-40364 | 2021-11-09 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1... |
| CVE-2021-40366 | 2021-11-09 | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.42), Climatix POL909 (AWM module) (All versions < V11.34). The web server of affected devices transmits data... |
| CVE-2021-42015 | 2021-11-09 | A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All... |
| CVE-2021-42021 | 2021-11-09 | A vulnerability has been identified in Siveillance Video DLNA Server (2019 R1), Siveillance Video DLNA Server (2019 R2), Siveillance Video DLNA Server (2019 R3), Siveillance Video DLNA Server (2020 R1),... |
| CVE-2021-42025 | 2021-11-09 | A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of... |
| CVE-2021-42026 | 2021-11-09 | A vulnerability has been identified in Mendix Applications using Mendix 8 (All versions < V8.18.13), Mendix Applications using Mendix 9 (All versions < V9.6.2). Applications built with affected versions of... |
| CVE-2021-43519 | 2021-11-09 | Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file. |
| CVE-2019-18916 | 2021-11-09 | A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client. |
| CVE-2021-3641 | 2021-11-09 | Improper Link Resolution Before File Access in Bitdefender GravityZone (VA-9921) |
| CVE-2019-18914 | 2021-11-09 | A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious... |
| CVE-2021-43186 | 2021-11-09 | JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS. |
| CVE-2021-43185 | 2021-11-09 | JetBrains YouTrack before 2021.3.23639 is vulnerable to Host header injection. |
| CVE-2021-43184 | 2021-11-09 | In JetBrains YouTrack before 2021.3.21051, stored XSS is possible. |
| CVE-2021-43191 | 2021-11-09 | JetBrains YouTrack Mobile before 2021.2, is missing the security screen on Android and iOS. |
| CVE-2021-43192 | 2021-11-09 | In JetBrains YouTrack Mobile before 2021.2, iOS URL scheme hijacking is possible. |
| CVE-2021-43190 | 2021-11-09 | In JetBrains YouTrack Mobile before 2021.2, task hijacking on Android is possible. |
| CVE-2019-16240 | 2021-11-09 | A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously... |
| CVE-2021-43189 | 2021-11-09 | In JetBrains YouTrack Mobile before 2021.2, access token protection on Android is incomplete. |
| CVE-2021-43188 | 2021-11-09 | In JetBrains YouTrack Mobile before 2021.2, access token protection on iOS is incomplete. |
| CVE-2021-43187 | 2021-11-09 | In JetBrains YouTrack Mobile before 2021.2, the client-side cache on iOS could contain sensitive information. |
| CVE-2021-43201 | 2021-11-09 | In JetBrains TeamCity before 2021.1.3, a newly created project could take settings from an already deleted project. |
| CVE-2021-43200 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, permission checks in the Agent Push functionality were insufficient. |
| CVE-2021-43198 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, stored XSS is possible. |
| CVE-2021-43199 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, permission checks in the Create Patch functionality are insufficient. |
| CVE-2021-43197 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. |
| CVE-2021-43195 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, some HTTP security headers were missing. |
| CVE-2021-43196 | 2021-11-09 | In JetBrains TeamCity before 2021.1, information disclosure via the Docker Registry connection dialog is possible. |
| CVE-2021-43193 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, remote code execution via the agent push functionality is possible. |
| CVE-2021-43194 | 2021-11-09 | In JetBrains TeamCity before 2021.1.2, user enumeration was possible. |
| CVE-2021-43203 | 2021-11-09 | In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly. |
| CVE-2021-43183 | 2021-11-09 | In JetBrains Hub before 2021.1.13690, the authentication throttling mechanism could be bypassed. |
| CVE-2019-18912 | 2021-11-09 | A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability... |
| CVE-2021-43181 | 2021-11-09 | In JetBrains Hub before 2021.1.13690, stored XSS is possible. |
| CVE-2021-43182 | 2021-11-09 | In JetBrains Hub before 2021.1.13415, a DoS via user information is possible. |
| CVE-2021-43180 | 2021-11-09 | In JetBrains Hub before 2021.1.13690, information disclosure via avatar metadata is possible. |
| CVE-2021-43172 | 2021-11-09 | Infinite length chain of RRDP repositories |
| CVE-2021-43173 | 2021-11-09 | Hanging RRDP request |
| CVE-2021-43174 | 2021-11-09 | gzip transfer encoding caused out-of-memory crash |
| CVE-2020-28419 | 2021-11-09 | During installation with certain driver software or application packages an arbitrary code execution could occur. |
| CVE-2021-20119 | 2021-11-09 | The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. |
| CVE-2021-43569 | 2021-11-09 | The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. |
| CVE-2021-43572 | 2021-11-09 | The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures... |
| CVE-2021-43571 | 2021-11-09 | The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. |
| CVE-2021-43570 | 2021-11-09 | The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. |
| CVE-2021-43568 | 2021-11-09 | The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. |
| CVE-2021-35489 | 2021-11-09 | Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated... |
| CVE-2021-35488 | 2021-11-09 | Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user... |
| CVE-2021-43575 | 2021-11-09 | KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The... |
| CVE-2021-37158 | 2021-11-09 | An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash... |
| CVE-2021-37157 | 2021-11-09 | An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. |
| CVE-2021-26443 | 2021-11-10 | Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability |
| CVE-2021-26444 | 2021-11-10 | Azure RTOS Information Disclosure Vulnerability |
| CVE-2021-36957 | 2021-11-10 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
| CVE-2021-38631 | 2021-11-10 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2021-38665 | 2021-11-10 | Remote Desktop Protocol Client Information Disclosure Vulnerability |
| CVE-2021-38666 | 2021-11-10 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2021-40442 | 2021-11-10 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2021-41349 | 2021-11-10 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-41351 | 2021-11-10 | Microsoft Edge (Chrome based) Spoofing on IE Mode |
| CVE-2021-41356 | 2021-11-10 | Windows Denial of Service Vulnerability |
| CVE-2021-41366 | 2021-11-10 | Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability |
| CVE-2021-41367 | 2021-11-10 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-41368 | 2021-11-10 | Microsoft Access Remote Code Execution Vulnerability |
| CVE-2021-41370 | 2021-11-10 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-41371 | 2021-11-10 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2021-41372 | 2021-11-10 | Power BI Report Server Spoofing Vulnerability |
| CVE-2021-41373 | 2021-11-10 | FSLogix Information Disclosure Vulnerability |
| CVE-2021-41374 | 2021-11-10 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-41375 | 2021-11-10 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-41376 | 2021-11-10 | Azure Sphere Information Disclosure Vulnerability |
| CVE-2021-41377 | 2021-11-10 | Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
| CVE-2021-41378 | 2021-11-10 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2021-41379 | 2021-11-10 | Windows Installer Elevation of Privilege Vulnerability |
| CVE-2021-42274 | 2021-11-10 | Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability |
| CVE-2021-42275 | 2021-11-10 | Microsoft COM for Windows Remote Code Execution Vulnerability |
| CVE-2021-42276 | 2021-11-10 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| CVE-2021-42277 | 2021-11-10 | Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability |
| CVE-2021-42278 | 2021-11-10 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42279 | 2021-11-10 | Chakra Scripting Engine Memory Corruption Vulnerability |
| CVE-2021-42280 | 2021-11-10 | Windows Feedback Hub Elevation of Privilege Vulnerability |
| CVE-2021-42282 | 2021-11-10 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42283 | 2021-11-10 | NTFS Elevation of Privilege Vulnerability |
| CVE-2021-42284 | 2021-11-10 | Windows Hyper-V Denial of Service Vulnerability |
| CVE-2021-42285 | 2021-11-10 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-42286 | 2021-11-10 | Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability |
| CVE-2021-42287 | 2021-11-10 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42288 | 2021-11-10 | Windows Hello Security Feature Bypass Vulnerability |
| CVE-2021-42291 | 2021-11-10 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| CVE-2021-42292 | 2021-11-10 | Microsoft Excel Security Feature Bypass Vulnerability |