CVE List - 2021 / September
Showing 1801 - 1899 of 1899 CVEs for September 2021 (Page 19 of 19)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-39841 | 2021-09-29 | Adobe Acrobat Pro DC DocMedia Type Confusion Remote Code Execution Vulnerability |
| CVE-2021-39842 | 2021-09-29 | Adobe Acrobat Reader DC messageHandler.OnMessage Use-After-Free Vulnerability |
| CVE-2021-39843 | 2021-09-29 | Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability |
| CVE-2021-39844 | 2021-09-29 | Adobe Acrobat Reader CalRGB Out-of-Bounds Read Vulnerability |
| CVE-2021-39845 | 2021-09-29 | Adobe Acrobat Reader Page Tree Node Recursive Stack Overflow |
| CVE-2021-39853 | 2021-09-29 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service |
| CVE-2021-39851 | 2021-09-29 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service |
| CVE-2021-39846 | 2021-09-29 | Adobe Acrobat Reader /Parent Property Recursive Stack Overflow |
| CVE-2021-39852 | 2021-09-29 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service |
| CVE-2021-39850 | 2021-09-29 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service |
| CVE-2021-39857 | 2021-09-29 | Adobe Acrobat Reader DC Information Disclosure via ActiveX LoadFile |
| CVE-2021-39849 | 2021-09-29 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service |
| CVE-2021-39855 | 2021-09-29 | Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via src Parameter |
| CVE-2021-39854 | 2021-09-29 | Adobe Acrobat Reader DC Null Pointer Dereference Could Lead To Application Denial-of-Service |
| CVE-2021-39860 | 2021-09-29 | Adobe Acrobat Reader DC Search Plugin Null Pointer Dereference |
| CVE-2021-39856 | 2021-09-29 | Adobe Acrobat Reader DC NTLMv2 SSO Information Disclosure via LoadFile |
| CVE-2021-39861 | 2021-09-29 | Adobe Acrobat Reader DC Catalog Plugin Out-of-Bounds Read Bug |
| CVE-2021-39858 | 2021-09-29 | Adobe Acrobat Pro DC PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-39865 | 2021-09-29 | Adobe FrameMaker TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-40708 | 2021-09-29 | Adobe Genuine Service Installer Privilege Escalation Vulnerability |
| CVE-2021-39862 | 2021-09-29 | Adobe FrameMaker PostScript File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-40715 | 2021-09-29 | Adobe Premiere Pro 2021 EXR File Parsing Leads to Memory Corruption |
| CVE-2021-39863 | 2021-09-29 | Adobe Acrobat Reader DC Heap-based Buffer Overflow Vulnerability Could Lead To Arbitrary Code Execution |
| CVE-2021-40697 | 2021-09-29 | Adobe FrameMaker PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-40710 | 2021-09-29 | Adobe Premiere Pro 2021 SVG File Parsing Leads to Memory Corruption |
| CVE-2021-40716 | 2021-09-29 | XMP Toolkit SDK SVG_Adapter Out-of-bounds Read Information Disclosure |
| CVE-2021-28547 | 2021-09-29 | Adobe Creative Cloud for macOS Privilege Escalation Vulnerability |
| CVE-2021-29834 | 2021-09-29 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows... |
| CVE-2021-23446 | 2021-09-29 | Regular Expression Denial of Service (ReDoS) |
| CVE-2021-41573 | 2021-09-29 | Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If authenticated user creates a link to a file or folder while the system was running version 4.3.x or... |
| CVE-2021-41732 | 2021-09-29 | An issue was discovered in zeek version 4.1.0. There is a HTTP request splitting vulnerability that will invalidate any ZEEK HTTP based security analysis. NOTE: the vendor's position is that... |
| CVE-2021-41764 | 2021-09-29 | A cross-site request forgery (CSRF) vulnerability exists in Streama up to and including v1.10.3. The application does not have CSRF checks in place when performing actions such as uploading local... |
| CVE-2021-35945 | 2021-09-29 | Couchbase Server 6.5.x, 6.6.0 through 6.6.2, and 7.0.0, has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. |
| CVE-2021-35943 | 2021-09-29 | Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed users are not prevented from using an empty password, per RFC4513. |
| CVE-2021-35944 | 2021-09-29 | Couchbase Server 6.5.x, 6.6.x through 6.6.2, and 7.0.0 has a Buffer Overflow. A specially crafted network packet sent from an attacker can crash memcached. |
| CVE-2020-12030 | 2021-09-29 | Emerson WirelessHART Gateway |
| CVE-2021-39342 | 2021-09-29 | Credova_Financial <= 1.4.8 Sensitive Information Disclosure |
| CVE-2021-3653 | 2021-09-29 | A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest... |
| CVE-2021-41795 | 2021-09-29 | The Safari app extension bundled with 1Password for Mac 7.7.0 through 7.8.x before 7.8.7 is vulnerable to authorization bypass. By targeting a vulnerable component of this extension, a malicious web... |
| CVE-2020-20128 | 2021-09-29 | LaraCMS v1.0.1 transmits sensitive information in cleartext which can be intercepted by attackers. |
| CVE-2020-20129 | 2021-09-29 | LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. |
| CVE-2020-20131 | 2021-09-29 | LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. |
| CVE-2021-41034 | 2021-09-29 | The build of some language stacks of Eclipse Che version 6 includes pulling some binaries from an unsecured HTTP endpoint. As a consequence the builds of such stacks are vulnerable... |
| CVE-2020-20781 | 2021-09-29 | A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description... |
| CVE-2021-41821 | 2021-09-29 | Wazuh Manager in Wazuh through 4.1.5 is affected by a remote Integer Underflow vulnerability that might lead to denial of service. A crafted message must be sent from an authenticated... |
| CVE-2021-41824 | 2021-09-29 | Craft CMS before 3.7.14 allows CSV injection. |
| CVE-2021-41826 | 2021-09-29 | PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. |
| CVE-2020-18684 | 2021-09-30 | Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. |
| CVE-2020-18685 | 2021-09-30 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. |
| CVE-2020-18683 | 2021-09-30 | Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. |
| CVE-2021-41829 | 2021-09-30 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. |
| CVE-2021-41828 | 2021-09-30 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials associated with resetPWD.xml. |
| CVE-2021-41827 | 2021-09-30 | Zoho ManageEngine Remote Access Plus before 10.1.2121.1 has hardcoded credentials for read-only access. The credentials are in the source code that corresponds to the DCBackupRestore JAR archive. |
| CVE-2021-25963 | 2021-09-30 | Shuup - Reflected XSS in Error Page |
| CVE-2021-41616 | 2021-09-30 | Apache ddlutils 1.0 readobject vulnerability |
| CVE-2021-41290 | 2021-09-30 | ECOA BAS controller - Path Traversal-1 |
| CVE-2021-41291 | 2021-09-30 | ECOA BAS controller - Path Traversal-1 |
| CVE-2021-41292 | 2021-09-30 | ECOA BAS controller - Broken Authentication |
| CVE-2021-41293 | 2021-09-30 | ECOA BAS controller - Path Traversal-3 |
| CVE-2021-41294 | 2021-09-30 | ECOA BAS controller - Path Traversal-4 |
| CVE-2021-41295 | 2021-09-30 | ECOA BAS controller - Cross-Site Request Forgery (CSRF) |
| CVE-2021-41296 | 2021-09-30 | ECOA BAS controller - Weak Password Requirements |
| CVE-2021-41297 | 2021-09-30 | ECOA BAS controller - Insufficiently Protected Credentials-1 |
| CVE-2021-41298 | 2021-09-30 | ECOA BAS controller - Improper Access Control |
| CVE-2021-41299 | 2021-09-30 | ECOA BAS controller - Use of Hard-coded Credentials |
| CVE-2021-41300 | 2021-09-30 | ECOA BAS controller - Insufficiently Protected Credentials-2 |
| CVE-2021-41301 | 2021-09-30 | ECOA BAS controller - Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2021-41302 | 2021-09-30 | ECOA BAS controller - Missing Encryption of Sensitive Data |
| CVE-2021-41729 | 2021-09-30 | BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php. |
| CVE-2021-21089 | 2021-09-30 | Adobe Acrobat Reader DC URI Parsing Out-Of-Bounds Read |
| CVE-2021-41109 | 2021-09-30 | LiveQuery publishes user session tokens |
| CVE-2021-24016 | 2021-09-30 | An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field... |
| CVE-2021-24017 | 2021-09-30 | An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. |
| CVE-2021-20554 | 2021-09-30 | IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended... |
| CVE-2021-20578 | 2021-09-30 | IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199282. |
| CVE-2021-29894 | 2021-09-30 | IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID:... |
| CVE-2020-20662 | 2021-09-30 | libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_example1.c. |
| CVE-2020-20663 | 2021-09-30 | libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component mms_client_connection.c. |
| CVE-2020-20664 | 2021-09-30 | libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c. |
| CVE-2020-20665 | 2021-09-30 | rudp v0.6 was discovered to contain a memory leak in the component main.c. |
| CVE-2021-35204 | 2021-09-30 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. |
| CVE-2021-35203 | 2021-09-30 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. |
| CVE-2021-35202 | 2021-09-30 | NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. |
| CVE-2021-35201 | 2021-09-30 | NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. |
| CVE-2021-35200 | 2021-09-30 | NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. |
| CVE-2021-35205 | 2021-09-30 | NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. |
| CVE-2021-35198 | 2021-09-30 | NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. |
| CVE-2021-35199 | 2021-09-30 | NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. |
| CVE-2021-41288 | 2021-09-30 | Zoho ManageEngine OpManager version 125466 and below is vulnerable to SQL Injection in the getReportData API. |
| CVE-2021-41323 | 2021-09-30 | Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. |
| CVE-2021-41325 | 2021-09-30 | Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. (In addition, such users can be granted several... |
| CVE-2021-33583 | 2021-09-30 | REINER timeCard 6.05.07 installs a Microsoft SQL Server with an sa password that is hardcoded in the TCServer.jar file. |
| CVE-2021-41101 | 2021-09-30 | CORS `Access-Control-Allow-Origin` settings are too lenient |
| CVE-2021-41324 | 2021-09-30 | Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the... |
| CVE-2020-20746 | 2021-09-30 | A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03.06.60_EN allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via a crafted POST... |
| CVE-2020-20796 | 2021-09-30 | FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/article.php via the "Id" parameter. |
| CVE-2020-20797 | 2021-09-30 | FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability in /account/register.php. |
| CVE-2020-20799 | 2021-09-30 | JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. |
| CVE-2021-41456 | 2021-10-01 | There is a stack buffer overflow in MP4Box v1.0.1 at src/filters/dmx_nhml.c:1004 in the nhmldmx_send_sample() function szXmlTo parameter which leads to a denial of service vulnerability. |
| CVE-2021-41457 | 2021-10-01 | There is a stack buffer overflow in MP4Box 1.1.0 at src/filters/dmx_nhml.c in nhmldmx_init_parsing which leads to a denial of service vulnerability. |