CVE List - 2021 / December
Showing 101 - 200 of 1978 CVEs for December 2021 (Page 2 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-40334 | 2021-12-02 | SSH activation problem in the proprietary management protocol (port TCP 5558) |
| CVE-2021-40333 | 2021-12-02 | Weak default credential associated with TCP port 26 |
| CVE-2021-43327 | 2021-12-02 | An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can... |
| CVE-2021-28236 | 2021-12-02 | LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c. |
| CVE-2021-28237 | 2021-12-02 | LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13. |
| CVE-2020-29176 | 2021-12-02 | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. |
| CVE-2020-29177 | 2021-12-02 | Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_del.php. |
| CVE-2021-25783 | 2021-12-02 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. |
| CVE-2021-25784 | 2021-12-02 | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Edit Article. |
| CVE-2021-25785 | 2021-12-02 | Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. |
| CVE-2021-4000 | 2021-12-03 | Open Redirect in star7th/showdoc |
| CVE-2021-43772 | 2021-12-03 | Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection. |
| CVE-2021-44019 | 2021-12-03 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2021-44020 | 2021-12-03 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2021-44021 | 2021-12-03 | An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain... |
| CVE-2021-44022 | 2021-12-03 | A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must... |
| CVE-2021-43673 | 2021-12-03 | dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)). |
| CVE-2021-43674 | 2021-12-03 | ThinkUp 2.0-beta.10 is affected by a path manipulation vulnerability in Smarty.class.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |
| CVE-2021-44278 | 2021-12-03 | Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. |
| CVE-2021-43676 | 2021-12-03 | matyhtf framework v3.0.5 is affected by a path manipulation vulnerability in Smarty.class.php. |
| CVE-2021-43991 | 2021-12-03 | Persistent XSS via Avatar Upload in Kentico Xperience CMS |
| CVE-2021-3980 | 2021-12-03 | Exposure of Private Personal Information to an Unauthorized Actor in elgg/elgg |
| CVE-2021-20470 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID:... |
| CVE-2021-20493 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-29716 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow a low level user to read areas of the application that a privileged user should only be allowed to view. IBM X-Force ID: 201087. |
| CVE-2021-29719 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 could be vulnerable to client side vulnerabilities due to a web response specifying an incorrect content type. IBM X-Force ID: 201091 |
| CVE-2021-29756 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site request forgery (CSRF) in the My Inbox page which could allow an attacker to execute malicious and unauthorized actions transmitted... |
| CVE-2021-29867 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to view or edit a Jupyter notebook that they should not have access to. IBM X-Force ID: 206212. |
| CVE-2021-38909 | 2021-12-03 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-44352 | 2021-12-03 | A Stack-based Buffer Overflow vulnerability exists in the Tenda AC15 V15.03.05.18_multi device via the list parameter in a post request in goform/SetIpMacBind. |
| CVE-2021-44347 | 2021-12-03 | SQL Injection vulnerability exists in TuziCMS v2.0.6 in App\Manage\Controller\GuestbookController.class.php. |
| CVE-2021-44348 | 2021-12-03 | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\AdvertController.class.php. |
| CVE-2021-44349 | 2021-12-03 | SQL Injection vulnerability exists in TuziCMS v2.0.6 via the id parameter in App\Manage\Controller\DownloadController.class.php. |
| CVE-2021-35344 | 2021-12-03 | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function BitStreamReader::getCurVal in bitStream.h. |
| CVE-2021-35346 | 2021-12-03 | tsMuxer v2.6.16 was discovered to contain a heap-based buffer overflow via the function HevcSpsUnit::short_term_ref_pic_set(int) in hevc.cpp. |
| CVE-2021-23562 | 2021-12-03 | Arbitrary File Upload |
| CVE-2021-23758 | 2021-12-03 | Deserialization of Untrusted Data |
| CVE-2021-35413 | 2021-12-03 | A remote code execution (RCE) vulnerability in course_intro_pdf_import.php of Chamilo LMS v1.11.x allows authenticated attackers to execute arbitrary code via a crafted .htaccess file. |
| CVE-2021-35414 | 2021-12-03 | Chamilo LMS v1.11.x was discovered to contain a SQL injection via the doc parameter in main/plagiarism/compilatio/upload.php. |
| CVE-2021-35415 | 2021-12-03 | A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. |
| CVE-2021-43415 | 2021-12-03 | HashiCorp Nomad and Nomad Enterprise up to 1.0.13, 1.1.7, and 1.2.0, with the QEMU task driver enabled, allowed authenticated users with job submission capabilities to bypass the configured allowed image... |
| CVE-2021-4005 | 2021-12-04 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-37253 | 2021-12-05 | M-Files Web before 20.10.9524.1 allows a denial of service via overlapping ranges (in HTTP requests with crafted Range or Request-Range headers). NOTE: this is disputed because the range behavior is... |
| CVE-2021-44044 | 2021-12-05 | An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a... |
| CVE-2021-44045 | 2021-12-05 | An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data... |
| CVE-2021-44046 | 2021-12-05 | An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D... |
| CVE-2021-44047 | 2021-12-05 | A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX... |
| CVE-2021-44048 | 2021-12-05 | An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in... |
| CVE-2021-4069 | 2021-12-06 | Use After Free in vim/vim |
| CVE-2021-43033 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Multiple functions in the bpserverd daemon were vulnerable to arbitrary remote code execution as root. The vulnerability was caused... |
| CVE-2021-43034 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file allowed local users to execute arbitrary code as the user apache, leading to privilege escalation. |
| CVE-2021-43035 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. Two unauthenticated SQL injection vulnerabilities were discovered, allowing arbitrary SQL queries to be injected and executed under the postgres... |
| CVE-2021-43036 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the PostgreSQL wguest account is weak. |
| CVE-2021-43037 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed... |
| CVE-2021-43038 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The wguest account could execute commands by injecting into PostgreSQL trigger functions. This allowed privilege escalation from the wguest... |
| CVE-2021-43039 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Samba file sharing service allowed anonymous read/write access. |
| CVE-2021-43040 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged vaultServer could be leveraged to create arbitrary writable files, leading to privilege escalation. |
| CVE-2021-43041 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A crafted HTTP request could induce a format string vulnerability in the privileged vaultServer application. |
| CVE-2021-43042 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A buffer overflow existed in the vaultServer component. This was exploitable by a remote unauthenticated attacker. |
| CVE-2021-43043 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The apache user could read arbitrary files such as /etc/shadow by abusing an insecure Sudo rule. |
| CVE-2021-43044 | 2021-12-06 | An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The SNMP daemon was configured with a weak default community. |
| CVE-2021-43784 | 2021-12-06 | Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration |
| CVE-2021-43469 | 2021-12-06 | VINGA WR-N300U 77.102.1.4853 is affected by a command execution vulnerability in the goahead component. |
| CVE-2021-43471 | 2021-12-06 | In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating... |
| CVE-2021-24714 | 2021-12-06 | WP All Import < 3.6.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24718 | 2021-12-06 | ARForms Form Builder < 1.5 - Admin+ Stored Cross Site Scripting |
| CVE-2021-24759 | 2021-12-06 | PDF.js Viewer < 2.0.2 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24866 | 2021-12-06 | WP Data Access < 5.0.0 - Admin+ SQL Injection |
| CVE-2021-24914 | 2021-12-06 | Tawk.to Live Chat < 0.6.0 - Subscriber+ Visitor Monitoring & Chat Removal |
| CVE-2021-24917 | 2021-12-06 | WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header |
| CVE-2021-24924 | 2021-12-06 | Email Log < 2.4.8 - Reflected Cross-Site Scripting |
| CVE-2021-24930 | 2021-12-06 | Bookly < 20.3.1 - Staff Member Stored Cross-Site Scripting |
| CVE-2021-24931 | 2021-12-06 | Secure Copy Content Protection and Content Locking < 2.8.2 - Unauthenticated SQL Injection |
| CVE-2021-24935 | 2021-12-06 | WP Google Fonts < 3.1.5 - Reflected Cross-Site Scripting |
| CVE-2021-24938 | 2021-12-06 | WooCommerce Currency Switcher < 1.3.7.1 - Reflected Cross-Site Scripting |
| CVE-2021-24939 | 2021-12-06 | LoginWP < 3.0.0.5 - Reflected Cross-Site Scripting |
| CVE-2021-24943 | 2021-12-06 | Registrations for the Events Calendar < 2.7.6 - Unauthenticated SQL Injection |
| CVE-2021-25041 | 2021-12-06 | Photo Gallery by 10Web < 1.5.68 - Reflected Cross-Site Scripting (XSS) |
| CVE-2021-35245 | 2021-12-06 | Broken Access Control Vulnerability for SolarWinds Serv-U |
| CVE-2021-35242 | 2021-12-06 | A valid CSRF token is present in response to an invalid request |
| CVE-2021-36198 | 2021-12-06 | Entrapass |
| CVE-2021-39890 | 2021-12-06 | It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above. |
| CVE-2021-22170 | 2021-12-06 | Assuming a database breach, nonce reuse issues in GitLab 11.6+ allows an attacker to decrypt some of the database's encrypted content |
| CVE-2021-43936 | 2021-12-06 | Distributed Data Systems WebHM |
| CVE-2021-43931 | 2021-12-06 | Distributed Data Systems WebHM |
| CVE-2021-43781 | 2021-12-06 | Permissions not properly checked in Invenio-Drafts-Resources |
| CVE-2021-43800 | 2021-12-06 | Asset directory traversal with some storage modules on Windows |
| CVE-2021-40091 | 2021-12-06 | An SSRF issue was discovered in SquaredUp for SCOM 5.2.1.6654. |
| CVE-2021-4075 | 2021-12-06 | Server-Side Request Forgery (SSRF) in snipe/snipe-it |
| CVE-2021-36564 | 2021-12-06 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\Adapter.php. |
| CVE-2021-36567 | 2021-12-06 | ThinkPHP v6.0.8 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\AbstractCache. |
| CVE-2021-40313 | 2021-12-06 | Piwigo v11.5 was discovered to contain a SQL injection vulnerability via the parameter pwg_token in /admin/batch_manager_global.php. |
| CVE-2021-31631 | 2021-12-06 | b2evolution CMS v7.2.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the User login page. This vulnerability allows attackers to escalate privileges. |
| CVE-2021-31632 | 2021-12-06 | b2evolution CMS v7.2.3 was discovered to contain a SQL injection vulnerability via the parameter cfqueryparam in the User login section. This vulnerability allows attackers to execute arbitrary code via a... |
| CVE-2021-44682 | 2021-12-06 | An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports... |
| CVE-2021-44681 | 2021-12-06 | An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports... |
| CVE-2021-44680 | 2021-12-06 | An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports... |
| CVE-2021-44679 | 2021-12-06 | An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports... |
| CVE-2021-44678 | 2021-12-06 | An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports... |
| CVE-2021-44677 | 2021-12-06 | An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports... |