CVE List - 2021 / December

Showing 501 - 600 of 1978 CVEs for December 2021 (Page 6 of 20)

CVE ID Date Title
CVE-2021-41695 2021-12-09 An SQL Injection vulnerability exists in Premiumdatingscript 4.2.7.7 via the...
CVE-2021-21954 2021-12-09 A command execution vulnerability exists in the wifi_country_code_update functionality of...
CVE-2021-21955 2021-12-09 An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of...
CVE-2021-41696 2021-12-09 An authentication bypass (account takeover) vulnerability exists in Premiumdatingscript 4.2.7.7...
CVE-2021-41697 2021-12-09 A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript...
CVE-2021-40279 2021-12-09 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,...
CVE-2021-41246 2021-12-09 Session fixation in express-openid-connect
CVE-2021-4038 2021-12-09 NSM vulnerable to XSS
CVE-2021-40280 2021-12-09 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,...
CVE-2021-40281 2021-12-09 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,...
CVE-2021-40282 2021-12-09 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020,...
CVE-2021-43703 2021-12-09 An Incorrect Access Control vulnerability exists in zzcms less than...
CVE-2021-41265 2021-12-09 Improper Authentication in Flask-AppBuilder
CVE-2021-20373 2021-12-09 IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be...
CVE-2021-29678 2021-12-09 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect...
CVE-2021-38926 2021-12-09 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect...
CVE-2021-38931 2021-12-09 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect...
CVE-2021-38951 2021-12-09 IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is...
CVE-2021-39002 2021-12-09 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect...
CVE-2021-22568 2021-12-09 Dart - Publishing to third-party package repositories may expose pub.dev credentials
CVE-2020-19682 2021-12-09 A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS...
CVE-2020-19683 2021-12-09 A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via...
CVE-2021-43608 2021-12-09 Doctrine DBAL 3.x before 3.1.4 allows SQL Injection. The escaping...
CVE-2021-44514 2021-12-09 OpUtils in Zoho ManageEngine OpManager 12.5 before 125490 mishandles authentication...
CVE-2021-4033 2021-12-09 Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2
CVE-2021-37861 2021-12-09 Mattermost 6.0.2 and earlier fails to sufficiently sanitize user's password...
CVE-2021-43982 2021-12-09 Delta Electronics CNCSoft
CVE-2021-43802 2021-12-09 Admin privilege escalation and arbitrary code execution via malicious *.etherpad imports
CVE-2021-43803 2021-12-09 Unexpected server crash in Next.js
CVE-2021-44228 2021-12-10 Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints
CVE-2021-4082 2021-12-10 Cross-Site Request Forgery (CSRF) in pimcore/pimcore
CVE-2021-4081 2021-12-10 Cross-site Scripting (XSS) - Reflected in pimcore/pimcore
CVE-2021-4084 2021-12-10 Cross-site Scripting (XSS) - Stored in pimcore/pimcore
CVE-2021-35978 2021-12-10 An issue was discovered in Digi TransPort DR64, SR44 VC74,...
CVE-2021-37187 2021-12-10 An issue was discovered on Digi TransPort devices through 2021-07-21....
CVE-2021-37188 2021-12-10 An issue was discovered on Digi TransPort devices through 2021-07-21....
CVE-2021-37189 2021-12-10 An issue was discovered on Digi TransPort Gateway devices through...
CVE-2021-40834 2021-12-10 User interface Spoofing in F-Secure SAFE browser for Android
CVE-2021-3829 2021-12-10 Open Redirect in openwhyd/openwhyd
CVE-2021-37935 2021-12-10 An information disclosure vulnerability in the login page of Huntflow...
CVE-2021-37934 2021-12-10 Due to insufficient server-side login-attempt limit enforcement, a vulnerability in...
CVE-2021-29214 2021-12-10 A security vulnerability has been identified in HPE StoreServ Management...
CVE-2021-36911 2021-12-10 WordPress Comment Engine Pro plugin <= 1.0 - Stored Cross-Site Scripting (XSS) vulnerability
CVE-2021-43813 2021-12-10 Directory Traversal in Grafana
CVE-2021-31745 2021-12-10 Session Fixation vulnerability in login.php in Pluck-CMS Pluck 4.7.15 allows...
CVE-2021-31746 2021-12-10 Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker...
CVE-2021-38917 2021-12-10 IBM PowerVM Hypervisor FW860, FW940, and FW950 could allow an...
CVE-2021-38937 2021-12-10 IBM PowerVM Hypervisor FW940, FW950, and FW1010 could allow an...
CVE-2021-31747 2021-12-10 Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in...
CVE-2021-27983 2021-12-10 Remote Code Execution (RCE) vulnerability exists in MaxSite CMS v107.5...
CVE-2021-27984 2021-12-10 In Pluck-4.7.15 admin background a remote command execution vulnerability exists...
CVE-2021-4089 2021-12-10 Improper Access Control in snipe/snipe-it
CVE-2021-23463 2021-12-10 XML External Entity (XXE) Injection
CVE-2021-23561 2021-12-10 Prototype Pollution
CVE-2021-23639 2021-12-10 Remote Code Execution (RCE)
CVE-2021-23700 2021-12-10 Prototype Pollution
CVE-2021-23663 2021-12-10 Prototype Pollution
CVE-2021-43815 2021-12-10 Grafana directory traversal for `.cvs` files
CVE-2021-26340 2021-12-10 A malicious hypervisor in conjunction with an unprivileged attacker process...
CVE-2020-12890 2021-12-10 Improper handling of pointers in the System Management Mode (SMM)...
CVE-2021-41242 2021-12-10 Path Traversal in some REST methods leading to file upload to arbitrary places
CVE-2021-4092 2021-12-11 Cross-Site Request Forgery (CSRF) in yetiforcecompany/yetiforcecrm
CVE-2021-4097 2021-12-11 CRLF Injection in phpservermon/phpservermon
CVE-2021-44515 2021-12-12 Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading...
CVE-2021-41805 2021-12-12 HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x...
CVE-2021-44833 2021-12-12 The CLI 1.0.0 for Amazon AWS OpenSearch has weak permissions...
CVE-2021-44151 2021-12-13 An issue was discovered in Reprise RLM 14.2. As the...
CVE-2021-44152 2021-12-13 An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process...
CVE-2021-44155 2021-12-13 An issue was discovered in /goform/login_process in Reprise RLM 14.2....
CVE-2018-25022 2021-12-13 The Onion module in toxcore before 0.2.2 doesn't restrict which...
CVE-2021-44847 2021-12-13 A stack-based buffer overflow in handle_request function in DHT.c in...
CVE-2018-25021 2021-12-13 The TCP Server module in toxcore before 0.2.8 doesn't free...
CVE-2021-44848 2021-12-13 In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses...
CVE-2021-40856 2021-12-13 Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices...
CVE-2021-40857 2021-12-13 Auerswald COMpact 5500R devices before 8.2B allow Privilege Escalation via...
CVE-2021-40858 2021-12-13 Auerswald COMpact 5500R devices before 8.2B allow Arbitrary File Disclosure....
CVE-2021-44153 2021-12-13 An issue was discovered in Reprise RLM 14.2. When editing...
CVE-2021-44154 2021-12-13 An issue was discovered in Reprise RLM 14.2. By using...
CVE-2021-20865 2021-12-13 Advanced Custom Fields versions prior to 5.11 and Advanced Custom...
CVE-2021-20866 2021-12-13 Advanced Custom Fields versions prior to 5.11 and Advanced Custom...
CVE-2021-20867 2021-12-13 Advanced Custom Fields versions prior to 5.11 and Advanced Custom...
CVE-2021-24705 2021-12-13 NEX-Forms < 8.4.3 - Stored Cross-Site Scripting via CSRF
CVE-2021-24747 2021-12-13 SEO Booster < 3.8 - Admin+ SQL Injection
CVE-2021-24756 2021-12-13 WP System Log < 1.0.21 - Unauthenticated Stored Cross-Site Scripting
CVE-2021-24771 2021-12-13 Inspirational Quote Rotator <= 1.0.0 - Admin+ Stored Cross-Site Scripting
CVE-2021-24780 2021-12-13 Single Post Exporter <= 1.1.1 - Plugin's Settings Update via CSRF
CVE-2021-24782 2021-12-13 Flex Local Fonts <= 1.0.0 - Admin+ Stored Cross-Site-Scripting
CVE-2021-24784 2021-12-13 WP Admin Logo Changer <= 1.0 - Plugin's Settings Update via CSRF
CVE-2021-24790 2021-12-13 Contact Form Advanced Database <= 1.0.8 - Unauthorised AJAX Calls
CVE-2021-24792 2021-12-13 Shiny Buttons <= 1.1.0 - Unauthenticated Stored Cross-Site Scripting
CVE-2021-24795 2021-12-13 Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF
CVE-2021-24817 2021-12-13 Ultimate NoFollow <= 1.4.8 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24818 2021-12-13 WP Limits <= 1.0 - Plugin's Settings Update via CSRF
CVE-2021-24819 2021-12-13 Page/Post Content Shortcode <= 1.0 - Contributor+ Arbitrary Posts/Pages Access
CVE-2021-24836 2021-12-13 Temporary Login Without Password < 1.7.1 - Subscriber+ Plugin's Settings Update
CVE-2021-24845 2021-12-13 Improved Include Page <= 1.2 - Contributor+ Arbitrary Posts/Pages Access
CVE-2021-24848 2021-12-13 Mediamatic < 2.8.1 - Subscriber+ SQL Injection
CVE-2021-24855 2021-12-13 Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting
CVE-2021-24857 2021-12-13 ToTop Link <= 1.7.1 - Unauthenticated PHP Object Injection
CVE-2021-24859 2021-12-13 User Meta Shortcodes <= 0.5 - Contributor+ Unauthorized Arbitrary User Metadata Access