CVE List - 2021 / December
Showing 1 - 100 of 1978 CVEs for December 2021 (Page 1 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-41039 | 2021-12-01 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of... |
| CVE-2021-38575 | 2021-12-01 | NetworkPkg/IScsiDxe has remotely exploitable buffer overflows. |
| CVE-2021-4019 | 2021-12-01 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-40809 | 2021-12-01 | An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows. |
| CVE-2021-43358 | 2021-12-01 | Sunnet eHRD - Path Traversal |
| CVE-2021-43359 | 2021-12-01 | Sunnet eHRD - Broken Access Control |
| CVE-2021-43360 | 2021-12-01 | Sunnet eHRD - Insecure Deserialization |
| CVE-2021-20847 | 2021-12-01 | Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of... |
| CVE-2021-20851 | 2021-12-01 | Cross-site request forgery (CSRF) vulnerability in Browser and Operating System Finder versions prior to 1.2 allows a remote unauthenticated attacker to hijack the authentication of an administrator via unspecified vectors. |
| CVE-2021-20852 | 2021-12-01 | Buffer overflow vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute an arbitrary... |
| CVE-2021-20853 | 2021-12-01 | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. |
| CVE-2021-20854 | 2021-12-01 | ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a network-adjacent attacker with an administrator privilege to execute arbitrary OS commands via unspecified vectors. |
| CVE-2021-20855 | 2021-12-01 | Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified... |
| CVE-2021-20856 | 2021-12-01 | Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified... |
| CVE-2021-20857 | 2021-12-01 | Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20858 | 2021-12-01 | Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |
| CVE-2021-20859 | 2021-12-01 | ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware... |
| CVE-2021-20860 | 2021-12-01 | Cross-site request forgery (CSRF) vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W... |
| CVE-2021-20861 | 2021-12-01 | Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware... |
| CVE-2021-20862 | 2021-12-01 | Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52... |
| CVE-2021-20863 | 2021-12-01 | OS command injection vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52... |
| CVE-2021-20864 | 2021-12-01 | Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52... |
| CVE-2021-34599 | 2021-12-01 | Improper Certificate Validation in CODESYS Git |
| CVE-2021-4018 | 2021-12-01 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it |
| CVE-2021-4017 | 2021-12-01 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-4015 | 2021-12-01 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3993 | 2021-12-01 | Cross-Site Request Forgery (CSRF) in star7th/showdoc |
| CVE-2021-3994 | 2021-12-01 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk |
| CVE-2021-3992 | 2021-12-01 | Improper Access Control in kevinpapst/kimai2 |
| CVE-2021-3990 | 2021-12-01 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in star7th/showdoc |
| CVE-2021-3989 | 2021-12-01 | Open Redirect in star7th/showdoc |
| CVE-2021-3985 | 2021-12-01 | Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2 |
| CVE-2021-3983 | 2021-12-01 | Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2 |
| CVE-2021-3964 | 2021-12-01 | Authorization Bypass Through User-Controlled Key in elgg/elgg |
| CVE-2021-32592 | 2021-12-01 | An unsafe search path vulnerability in FortiClientWindows 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x and FortiClientEMS 7.0.0, 6.4.6 and below, 6.2.x, 6.0.x may allow an attacker to perform a DLL Hijack... |
| CVE-2021-43690 | 2021-12-01 | YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read. |
| CVE-2021-44280 | 2021-12-01 | attendance management system 1.0 is affected by a SQL injection vulnerability in admin/incFunctions.php through the makeSafe function. |
| CVE-2021-44279 | 2021-12-01 | Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. |
| CVE-2021-44277 | 2021-12-01 | Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. |
| CVE-2021-25967 | 2021-12-01 | CKAN - Stored Cross-Site Scripting (XSS) via SVG File Upload |
| CVE-2021-43689 | 2021-12-01 | manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have... |
| CVE-2021-40154 | 2021-12-01 | NXP LPC55S69 devices before A3 have a buffer over-read via a crafted wlength value in a GET Descriptor Configuration request during use of USB In-System Programming (ISP) mode. This discloses... |
| CVE-2021-44479 | 2021-12-01 | NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash... |
| CVE-2021-43685 | 2021-12-01 | libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function. |
| CVE-2021-44480 | 2021-12-01 | Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command,... |
| CVE-2020-10627 | 2021-12-01 | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless... |
| CVE-2021-20609 | 2021-12-01 | Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series... |
| CVE-2021-20610 | 2021-12-01 | Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU,... |
| CVE-2021-20611 | 2021-12-01 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU, MELSEC iQ-R Series R08/16/32/120SFCPU, MELSEC iQ-R Series R08/16/32/120PCPU, MELSEC iQ-R Series R08/16/32/120PSFCPU, MELSEC iQ-R Series... |
| CVE-2021-26334 | 2021-12-01 | AMD Chipset Driver Information Disclosure Vulnerability |
| CVE-2021-43687 | 2021-12-01 | chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. |
| CVE-2021-42776 | 2021-12-01 | CloverDX Server before 5.11.2 and and 5.12.x before 5.12.1 allows XXE during configuration import. |
| CVE-2021-20400 | 2021-12-01 | IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074. |
| CVE-2021-29779 | 2021-12-01 | IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in... |
| CVE-2021-29849 | 2021-12-01 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-29863 | 2021-12-01 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-43451 | 2021-12-01 | SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. |
| CVE-2021-43137 | 2021-12-01 | Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover. |
| CVE-2021-43792 | 2021-12-01 | Notifications leak in Discourse |
| CVE-2021-43794 | 2021-12-01 | Anonymous user cache poisoning via development-mode header in Discourse |
| CVE-2021-43793 | 2021-12-01 | Bypass of Poll voting limits in Discourse |
| CVE-2021-33274 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80040af8 in /formWlanSetup. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33270 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_800462c4 in /formAdvFirewall. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33271 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_80046EB4 in /formSetPortTr. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33269 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualServ. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33267 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80034d60 in /formStaticDHCP. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33268 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function sub_8003183C in /fromLogin. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33266 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_8004776c in /formVirtualApp. This vulnerability is triggered via a crafted POST... |
| CVE-2021-33265 | 2021-12-01 | D-Link DIR-809 devices with firmware through DIR-809Ax_FW1.12WWB03_20190410 were discovered to contain a stack buffer overflow vulnerability in the function FUN_80046eb4 in /formSetPortTr. This vulnerability is triggered via a crafted POST... |
| CVE-2021-42711 | 2021-12-01 | Barracuda Network Access Client before 5.2.2 creates a Temporary File in a Directory with Insecure Permissions. This file is executed with SYSTEM privileges when an unprivileged user performs a repair... |
| CVE-2020-35012 | 2021-12-01 | Events Manager < 5.9.8 - Admin+ SQL Injection |
| CVE-2020-35037 | 2021-12-01 | Events Manager < 5.9.8 - Cross-Site Scripting (XSS) |
| CVE-2020-36129 | 2021-12-02 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aom_image.c. |
| CVE-2020-36130 | 2021-12-02 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component av1/av1_dx_iface.c. |
| CVE-2020-36131 | 2021-12-02 | AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c. |
| CVE-2020-36133 | 2021-12-02 | AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h. |
| CVE-2020-36134 | 2021-12-02 | AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. |
| CVE-2020-36135 | 2021-12-02 | AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c. |
| CVE-2021-43791 | 2021-12-02 | Ineffective expiration validation for invitation links in Zulip |
| CVE-2021-44227 | 2021-12-02 | In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or... |
| CVE-2020-27414 | 2021-12-02 | Mahavitaran android application 7.50 and prior transmit sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer... |
| CVE-2021-26777 | 2021-12-02 | Buffer overflow vulnerability in function SetFirewall in index.cgi in CIRCUTOR COMPACT DC-S BASIC smart metering concentrator Firwmare version CIR_CDC_v1.2.17, allows attackers to execute arbitrary code. |
| CVE-2021-43686 | 2021-12-02 | nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']. |
| CVE-2021-43683 | 2021-12-02 | pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']. |
| CVE-2021-43681 | 2021-12-02 | SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name']. |
| CVE-2021-43682 | 2021-12-02 | thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user... |
| CVE-2021-43679 | 2021-12-02 | ecshop v2.7.3 is affected by a SQL injection vulnerability in shopex\ecshop\upload\api\client\api.php. |
| CVE-2021-23258 | 2021-12-02 | Spring SPEL Expression Language Injection |
| CVE-2021-23259 | 2021-12-02 | Groovy Sandbox Bypass |
| CVE-2021-23260 | 2021-12-02 | Stored XSS Vulnerability in File Name of the File Upload function |
| CVE-2021-23261 | 2021-12-02 | Overriding the system configuration file causes a denial of service |
| CVE-2021-23262 | 2021-12-02 | Snakeyaml deserialization vulnerability bypass |
| CVE-2021-23263 | 2021-12-02 | Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine |
| CVE-2021-23264 | 2021-12-02 | Transmission of Private Resources into a New Sphere ('Resource Leak') and Exposure of Resource to Wrong Sphere in Crafter Search |
| CVE-2021-3944 | 2021-12-02 | Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack |
| CVE-2021-44518 | 2021-12-02 | An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion... |
| CVE-2015-20105 | 2021-12-02 | ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting |
| CVE-2015-20106 | 2021-12-02 | ClickBank Affiliate Ads <= 1.20 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-43795 | 2021-12-02 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in com.linecorp.armeria:armeria |
| CVE-2021-44050 | 2021-12-02 | CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user... |