CVE List - 2021 / December
Showing 201 - 300 of 1978 CVEs for December 2021 (Page 3 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-44684 | 2021-12-06 | naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function. |
| CVE-2021-44685 | 2021-12-06 | Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the... |
| CVE-2021-44686 | 2021-12-06 | calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
| CVE-2021-28703 | 2021-12-07 | grant table v2 status pages may remain accessible after de-allocation (take two) Guest get permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated /... |
| CVE-2021-44512 | 2021-12-07 | World-writable permissions on the /tmp/tmate/sessions directory in tmate-ssh-server 2.3.0 allow a local attacker to compromise the integrity of session handling, or obtain the read-write session ID from a read-only session... |
| CVE-2021-44513 | 2021-12-07 | Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows a local attacker to compromise the integrity of session handling. |
| CVE-2021-4049 | 2021-12-07 | Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat |
| CVE-2021-29113 | 2021-12-07 | Remote file inclusion vulnerability in ArcGIS Server help documentation |
| CVE-2021-29114 | 2021-12-07 | SQL injection vulnerability in ArcGIS Server |
| CVE-2021-29115 | 2021-12-07 | An information disclosure vulnerability |
| CVE-2021-29116 | 2021-12-07 | BUG-000142180 Hosted feature services vulnerable to stored XSS |
| CVE-2021-40092 | 2021-12-07 | A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. |
| CVE-2021-40093 | 2021-12-07 | A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. |
| CVE-2021-40094 | 2021-12-07 | A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device. |
| CVE-2021-40095 | 2021-12-07 | An issue was discovered in SquaredUp for SCOM 5.2.1.6654. The Download Log feature in System / Maintenance was susceptible to a local file inclusion vulnerability (when processing remote input in... |
| CVE-2021-40096 | 2021-12-07 | A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some... |
| CVE-2021-44527 | 2021-12-07 | A vulnerability found in UniFi Switch firmware Version 5.43.35 and earlier allows a malicious actor who has already gained access to the network to perform a Denial of Service (DoS)... |
| CVE-2021-22955 | 2021-12-07 | An unauthenticated denial of service vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 when configured as a VPN (Gateway) or AAA virtual server could allow an attacker to cause... |
| CVE-2021-22956 | 2021-12-07 | An uncontrolled resource consumption vulnerability exists in Citrix ADC <13.0-83.27, <12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause... |
| CVE-2021-42124 | 2021-12-07 | An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover. |
| CVE-2021-42125 | 2021-12-07 | An unrestricted file upload vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to write dangerous files. |
| CVE-2021-42126 | 2021-12-07 | An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. |
| CVE-2021-42127 | 2021-12-07 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows arbitrary code execution via Data Repository Service. |
| CVE-2021-42128 | 2021-12-07 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using Inforail Service allows Privilege Escalation via Enterprise Server Service. |
| CVE-2021-42129 | 2021-12-07 | A command injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. |
| CVE-2021-42130 | 2021-12-07 | A deserialization of untrusted data vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary code execution. |
| CVE-2021-42131 | 2021-12-07 | A SQL Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform privilege escalation. |
| CVE-2021-42132 | 2021-12-07 | A command Injection vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform arbitrary command execution. |
| CVE-2021-42133 | 2021-12-07 | An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write. |
| CVE-2021-44187 | 2021-12-07 | Adobe Bridge SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44186 | 2021-12-07 | Adobe Bridge SGI File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44185 | 2021-12-07 | Adobe Bridge RGB File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2020-27413 | 2021-12-07 | An issue was discovered in Mahavitaran android application 7.50 and below, allows local attackers to read cleartext username and password while the user is logged into the application. |
| CVE-2021-37038 | 2021-12-07 | There is an Improper access control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-37041 | 2021-12-07 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. |
| CVE-2021-37042 | 2021-12-07 | There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause out-of-bounds read. |
| CVE-2021-37046 | 2021-12-07 | There is a Memory leak vulnerability with the codec detection module in Huawei Smartphone. Successful exploitation of this vulnerability may cause the device to restart due to memory exhaustion. |
| CVE-2021-37047 | 2021-12-07 | There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause some services to restart. |
| CVE-2021-37055 | 2021-12-07 | There is a Logic bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information. |
| CVE-2021-37056 | 2021-12-07 | There is an Improper permission control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to obtain certain device information. |
| CVE-2020-19611 | 2021-12-07 | Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. |
| CVE-2021-37011 | 2021-12-07 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. |
| CVE-2021-37014 | 2021-12-07 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to device cannot be used properly. |
| CVE-2021-37020 | 2021-12-07 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. |
| CVE-2021-37021 | 2021-12-07 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Out-of-bounds read. |
| CVE-2021-37043 | 2021-12-07 | There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources. |
| CVE-2021-37048 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to fake visitors to control PC, play a video, etc. |
| CVE-2021-37057 | 2021-12-07 | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to restart the phone. |
| CVE-2021-37058 | 2021-12-07 | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the user's nickname is maliciously tampered with. |
| CVE-2021-37059 | 2021-12-07 | There is a Weaknesses Introduced During Design |
| CVE-2021-37060 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to SAMGR Heap Address Leakage. |
| CVE-2021-37061 | 2021-12-07 | There is an Uncontrolled Resource Consumption vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Screen projection application denial of service. |
| CVE-2021-37062 | 2021-12-07 | There is an Improper Validation of Array Index vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory overflow and information leakage. |
| CVE-2021-37063 | 2021-12-07 | There is a Cryptographic Issues vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to read and delete images of Harmony devices. |
| CVE-2021-37064 | 2021-12-07 | There is an Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to arbitrary file created. |
| CVE-2021-37065 | 2021-12-07 | There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Confidentiality or Availability impacted. |
| CVE-2021-37066 | 2021-12-07 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. |
| CVE-2021-37067 | 2021-12-07 | There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Confidentiality impacted. |
| CVE-2021-37068 | 2021-12-07 | There is a Resource Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of Service Attacks. |
| CVE-2021-37070 | 2021-12-07 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. |
| CVE-2021-37071 | 2021-12-07 | There is a Business Logic Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to persistent dos. |
| CVE-2021-37072 | 2021-12-07 | There is an Incorrect Calculation of Buffer Size vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to memory crash. |
| CVE-2021-37073 | 2021-12-07 | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the detection result is tampered with. |
| CVE-2021-37076 | 2021-12-07 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. |
| CVE-2021-37077 | 2021-12-07 | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel crash. |
| CVE-2021-37078 | 2021-12-07 | There is an Uncaught Exception vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote Denial of Service. |
| CVE-2021-37079 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete arbitrary file by system_app permission. |
| CVE-2021-37080 | 2021-12-07 | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to availability affected. |
| CVE-2021-37081 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to nearby crash. |
| CVE-2021-37082 | 2021-12-07 | There is a Race Condition vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to motionhub crash. |
| CVE-2021-37083 | 2021-12-07 | There is a NULL Pointer Dereference vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to Denial of Service Attacks. |
| CVE-2021-37084 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to malicious invoking other functions of the Smart Assistant through text messages. |
| CVE-2021-37085 | 2021-12-07 | There is an Encoding timing vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to denial of service. |
| CVE-2021-37086 | 2021-12-07 | There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers which can isolate and read synchronization files of other applications across... |
| CVE-2021-37087 | 2021-12-07 | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers can create arbitrary file. |
| CVE-2021-37088 | 2021-12-07 | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers can write any content to any file. |
| CVE-2021-37089 | 2021-12-07 | There is an Incomplete Cleanup vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to kernel restart. |
| CVE-2021-37090 | 2021-12-07 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to process crash. |
| CVE-2021-37091 | 2021-12-07 | There is a Permissions, Privileges, and Access Controls vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to confidentiality affected. |
| CVE-2021-37094 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to system denial of service. |
| CVE-2021-37095 | 2021-12-07 | There is an Integer Overflow or Wraparound vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to remote denial of service and potential remote code execution. |
| CVE-2021-37096 | 2021-12-07 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to user privacy disclosed. |
| CVE-2021-37099 | 2021-12-07 | There is a Path Traversal vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to delete any file. |
| CVE-2021-37100 | 2021-12-07 | There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to account authentication bypassed. |
| CVE-2021-43789 | 2021-12-07 | Blind SQLi using Search filters in PrestaShop |
| CVE-2021-43805 | 2021-12-07 | ReDos vulnerability on guest checkout email validation |
| CVE-2021-43175 | 2021-12-07 | The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that... |
| CVE-2021-43176 | 2021-12-07 | The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 takes a user-supplied “action” parameter and appends a .php file extension to locate and load the correct PHP... |
| CVE-2020-12140 | 2021-12-07 | A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames. |
| CVE-2021-43798 | 2021-12-07 | Grafana path traversal |
| CVE-2021-41716 | 2021-12-07 | Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable to remote account takeover due to OTP fixation vulnerability in password reset function |
| CVE-2021-40859 | 2021-12-07 | Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device. |
| CVE-2021-37940 | 2021-12-07 | An information disclosure via GET request server-side request forgery vulnerability was discovered with the Workplace Search Github Enterprise Server integration. Using this vulnerability, a malicious Workplace Search admin could use... |
| CVE-2021-24041 | 2021-12-07 | A missing bounds check in image blurring code prior to WhatsApp for Android v2.21.22.7 and WhatsApp Business for Android v2.21.22.7 could have allowed an out-of-bounds write if a user sent... |
| CVE-2021-40288 | 2021-12-07 | A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in TP-Link AX10v1 before V1_211014, allows a remote unauthenticated attacker to disconnect an already connected wireless client via sending with a... |
| CVE-2021-42972 | 2021-12-07 | NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or... |
| CVE-2021-42973 | 2021-12-07 | NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or... |
| CVE-2021-42976 | 2021-12-07 | NoMachine Enterprise Desktop is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel... |
| CVE-2021-42977 | 2021-12-07 | NoMachine Enterprise Desktop is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Enterprise Desktop above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel... |
| CVE-2021-42979 | 2021-12-07 | NoMachine Cloud Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Cloud Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel... |