CVE List - 2021 / December
Showing 1101 - 1200 of 1978 CVEs for December 2021 (Page 12 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-32498 | 2021-12-17 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When... |
| CVE-2021-32499 | 2021-12-17 | SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the command line arguments to pass in any value to the Emulator executable. |
| CVE-2021-0676 | 2021-12-17 | In geniezone driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User... |
| CVE-2021-0677 | 2021-12-17 | In ccu driver, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2021-0678 | 2021-12-17 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0679 | 2021-12-17 | In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0893 | 2021-12-17 | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0894 | 2021-12-17 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0895 | 2021-12-17 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0896 | 2021-12-17 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0897 | 2021-12-17 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0898 | 2021-12-17 | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0899 | 2021-12-17 | In apusys, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0900 | 2021-12-17 | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2021-0901 | 2021-12-17 | In apusys, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2021-0902 | 2021-12-17 | In apusys, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction... |
| CVE-2021-0673 | 2021-12-17 | In Audio Aurisys HAL, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.... |
| CVE-2021-0903 | 2021-12-17 | In apusys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2021-0674 | 2021-12-17 | In alac decoder, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-22054 | 2021-12-17 | VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. This issue may allow... |
| CVE-2021-20606 | 2021-12-17 | Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an... |
| CVE-2021-20608 | 2021-12-17 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior allows a remote unauthenticated attacker to cause a DoS condition in GX Works2 by... |
| CVE-2021-20607 | 2021-12-17 | Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket versions 5.4 and prior allows an... |
| CVE-2021-37862 | 2021-12-17 | Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token. |
| CVE-2021-37863 | 2021-12-17 | Mattermost 6.0 and earlier fails to sufficiently validate parameters during post creation, which allows authenticated attackers to cause a client-side crash of the web application via a maliciously crafted post. |
| CVE-2021-40850 | 2021-12-17 | TCMAN GIM SQL injection vulnerability |
| CVE-2021-40851 | 2021-12-17 | TCMAN GIM SQL injection vulnerability |
| CVE-2021-40852 | 2021-12-17 | TCMAN GIM open redirect vulnerability |
| CVE-2021-40853 | 2021-12-17 | TCMAN GIM missing authorization vulnerability |
| CVE-2020-8968 | 2021-12-17 | Parallels Remote Application Server credentials management errors |
| CVE-2020-18077 | 2021-12-17 | A buffer overflow vulnerability in the Virtual Path Mapping component of FTPShell v6.83 allows attackers to cause a denial of service (DoS). |
| CVE-2020-18078 | 2021-12-17 | A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password. |
| CVE-2020-18081 | 2021-12-17 | The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. |
| CVE-2021-38883 | 2021-12-17 | IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript... |
| CVE-2021-43840 | 2021-12-17 | Path traversal in message_bus |
| CVE-2021-43838 | 2021-12-17 | Regular Expression Denial of Service (ReDoS) in jsx-slack |
| CVE-2021-33430 | 2021-12-17 | A Buffer Overflow vulnerability exists in NumPy 1.9.x in the PyArray_NewFromDescr_int function of ctors.c when specifying arrays of large dimensions (over 32) from Python code, which could let a malicious... |
| CVE-2021-34141 | 2021-12-17 | An incomplete string comparison in the numpy.core component in NumPy before 1.22.0 allows attackers to trigger slightly incorrect copying by constructing specific string objects. NOTE: the vendor states that this... |
| CVE-2021-41495 | 2021-12-17 | Null Pointer Dereference vulnerability exists in numpy.sort in NumPy < and 1.19 in the PyArray_DescrNew function due to missing return-value validation, which allows attackers to conduct DoS attacks by repetitively... |
| CVE-2021-41496 | 2021-12-17 | Buffer overflow in the array_from_pyobj function of fortranobject.c in NumPy < 1.19, which allows attackers to conduct Denial of Service attacks by carefully constructing an array with negative values.... |
| CVE-2021-23814 | 2021-12-17 | This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload() function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following... |
| CVE-2021-23797 | 2021-12-17 | Directory Traversal |
| CVE-2021-23450 | 2021-12-17 | Prototype Pollution |
| CVE-2021-23803 | 2021-12-17 | Access Control Bypass |
| CVE-2021-41497 | 2021-12-17 | Null pointer reference in CMS_Conservative_increment_obj in RaRe-Technologies bounter version 1.01 and 1.10, allows attackers to conduct Denial of Service attacks by inputting a huge width of hash bucket. |
| CVE-2021-41498 | 2021-12-17 | Buffer overflow in ajaxsoundstudio.com Pyo < and 1.03 in the Server_jack_init function, which allows attackers to conduct Denial of Service attacks by arbitrarily constructing an overlong server name. |
| CVE-2021-41499 | 2021-12-17 | Buffer Overflow Vulnerability exists in ajaxsoundstudio.com Pyo < 1.03 in the Server_debug function, which allows remote attackers to conduct DoS attacks by deliberately passing on an overlong audio file... |
| CVE-2021-41500 | 2021-12-17 | Incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects. |
| CVE-2021-4130 | 2021-12-18 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-4131 | 2021-12-18 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-45105 | 2021-12-18 | Apache Log4j2 does not always protect from infinite recursion in lookup evaluation |
| CVE-2021-43083 | 2021-12-19 | Apache PLC4X 0.9.0 Buffer overflow in PLC4C via crafted server response |
| CVE-2021-45041 | 2021-12-19 | SuiteCRM before 7.12.2 and 8.x before 8.0.1 allows authenticated SQL injection via the Tooltips action in the Project module, involving resource_id and start_date. |
| CVE-2021-4136 | 2021-12-19 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-3860 | 2021-12-20 | JFrog Artifactory before 7.25.4 (Enterprise+ deployments only), is vulnerable to Blind SQL Injection by a low privileged authenticated user due to incomplete validation when performing an SQL query. |
| CVE-2021-44790 | 2021-12-20 | Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier |
| CVE-2021-44858 | 2021-12-20 | An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages... |
| CVE-2021-44732 | 2021-12-20 | Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure. |
| CVE-2021-44159 | 2021-12-20 | 4MOSAn GCB Doctor - Unrestricted Upload of File |
| CVE-2021-44162 | 2021-12-20 | Chain Sea Information Integration Co., Ltd ai chatbot system - Path Traversal |
| CVE-2021-44163 | 2021-12-20 | Chain Sea Information Integration Co., Ltd ai chatbot system - Reflected XSS |
| CVE-2021-44164 | 2021-12-20 | Chain Sea Information Integration Co., Ltd ai chatbot system - Arbitrary File Upload |
| CVE-2021-42913 | 2021-12-20 | The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication... |
| CVE-2021-44263 | 2021-12-20 | Gurock TestRail before 7.2.4 mishandles HTML escaping. |
| CVE-2021-44554 | 2021-12-20 | Thinfinity VirtualUI before 3.0 allows a malicious actor to enumerate users registered in the OS (Windows) through the /changePassword URI. By accessing the vector, an attacker can determine if a... |
| CVE-2021-41561 | 2021-12-20 | Apache Parquet-MR potential DoS in case of malicious Parquet file |
| CVE-2021-44224 | 2021-12-20 | Possible NULL dereference or SSRF in forward proxy configurations in Apache HTTP Server 2.4.51 and earlier |
| CVE-2021-44916 | 2021-12-20 | Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript... |
| CVE-2020-8105 | 2021-12-20 | Command Execution due to unsanitized input |
| CVE-2021-44676 | 2021-12-20 | Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements (e.g., access control details) and modify a few aspects of the application state. |
| CVE-2021-44675 | 2021-12-20 | Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated remote code execution due to a filter bypass in which authentication is not required. |
| CVE-2021-44525 | 2021-12-20 | Zoho ManageEngine PAM360 before build 5303 allows attackers to modify a few aspects of application state because of a filter bypass in which authentication is not required. |
| CVE-2021-43440 | 2021-12-20 | Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field. |
| CVE-2021-43441 | 2021-12-20 | An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form |
| CVE-2021-43439 | 2021-12-20 | RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely |
| CVE-2021-43438 | 2021-12-20 | Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field |
| CVE-2021-43437 | 2021-12-20 | In sourcecodetester Engineers Online Portal as of 10-21-21, an attacker can manipulate the Host header as seen by the web application and cause the application to behave in unexpected ways.... |
| CVE-2020-19316 | 2021-12-20 | OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. |
| CVE-2021-36889 | 2021-12-20 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2021-36887 | 2021-12-20 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.5.4 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) |
| CVE-2021-35248 | 2021-12-20 | Unrestricted access to Orion.UserSettings SWIS entity for low-privilege users |
| CVE-2021-35244 | 2021-12-20 | Unrestricted File Upload Causing Remote Code Execution: Orion Platform 2020.2.6 |
| CVE-2021-35234 | 2021-12-20 | Exposed Dangerous Functions - Privileged Escalation |
| CVE-2021-22057 | 2021-12-20 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided... |
| CVE-2021-22056 | 2021-12-20 | VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. A malicious actor with network access may be able to make... |
| CVE-2021-43026 | 2021-12-20 | Adobe Premiere Rush MXF File Memory Corruption Remote Code Execution |
| CVE-2021-40783 | 2021-12-20 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution |
| CVE-2021-43028 | 2021-12-20 | Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution |
| CVE-2021-43029 | 2021-12-20 | Adobe Premiere Rush M4A File Memory Corruption Remote Code Execution |
| CVE-2021-43021 | 2021-12-20 | Adobe Premiere Rush EXR File Memory Corruption Remote Code Execution |
| CVE-2021-43747 | 2021-12-20 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution |
| CVE-2021-43022 | 2021-12-20 | Adobe Premiere Rush PNG File Memory Corruption Remote Code Execution |
| CVE-2021-43024 | 2021-12-20 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution |
| CVE-2021-43748 | 2021-12-20 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service |
| CVE-2021-40784 | 2021-12-20 | Adobe Premiere Rush WAV File Memory Corruption Remote Code Execution |
| CVE-2021-43749 | 2021-12-20 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service |
| CVE-2021-43030 | 2021-12-20 | Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-43025 | 2021-12-20 | Adobe Premiere Rush SVG File Memory Corruption Remote Code Execution |
| CVE-2021-43023 | 2021-12-20 | Adobe Premiere Rush EPS/TIFF File Memory Corruption Remote Code Execution |
| CVE-2021-43750 | 2021-12-20 | Adobe Premiere Rush NULL Pointer Dereference Local Denial-of-Service |