CVE List - 2021 / December
Showing 1201 - 1300 of 1978 CVEs for December 2021 (Page 13 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-43746 | 2021-12-20 | Adobe Premiere Rush MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2021-44179 | 2021-12-20 | Adobe Dimension GIF File Parsing Memory Corruption Remote Code Execution Vulnerability |
| CVE-2021-43763 | 2021-12-20 | Adobe Dimension TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44182 | 2021-12-20 | Adobe Dimension SVG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44183 | 2021-12-20 | Adobe Dimension TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44180 | 2021-12-20 | Adobe Dimension PCX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-44181 | 2021-12-20 | Adobe Dimension GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-44699 | 2021-12-20 | Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44698 | 2021-12-20 | Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-44697 | 2021-12-20 | Adobe Audition MOV File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-38409 | 2021-12-20 | Fuji Electric Tellus Lite V-Simulator uninitialized pointer |
| CVE-2021-38401 | 2021-12-20 | Fuji Electric Tellus Lite V-Simulator untrusted pointer dereference |
| CVE-2021-38415 | 2021-12-20 | Fuji Electric Tellus Lite V-Simulator heap based buffer overflow |
| CVE-2021-38421 | 2021-12-20 | Fuji Electric Tellus Lite V-Simulator out of bounds read |
| CVE-2021-38413 | 2021-12-20 | Fuji Electric Tellus Lite V-Simulator stack based buffer overflow |
| CVE-2021-38419 | 2021-12-20 | Fuji Electric Tellus Lite V-Simulator out of bounds write |
| CVE-2021-42809 | 2021-12-20 | The Sentinel Protection Installer 7.7.0 does not properly restrict loading Dynamic Link Library |
| CVE-2021-42138 | 2021-12-20 | A user of a machine protected by SafeNet Agent for Windows Logon may leverage weak entropy to access the encrypted credentials of any or all the users on that machine. |
| CVE-2021-42808 | 2021-12-20 | The Sentinel Protection Installer 7.7.0 creates files and directory with all privileges granting any user full permissions. |
| CVE-2021-43843 | 2021-12-20 | Insufficient patch for Regular Expression Denial of Service (ReDoS) to jsx-slack v4.5.1 |
| CVE-2021-43844 | 2021-12-20 | Externally Controlled Reference to a Resource in Another Sphere in MSEdgeRedirect |
| CVE-2021-43846 | 2021-12-20 | CSRF forgery protection bypass for Spree::OrdersController#populate |
| CVE-2021-43847 | 2021-12-20 | Authorization Bypass in Space Invite in HumHub |
| CVE-2021-43842 | 2021-12-20 | Stored XSS via SVG file upload in Wiki.js |
| CVE-2021-45291 | 2021-12-21 | The gf_dump_setup function in GPAC 1.0.1 allows malicious users to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. |
| CVE-2021-45292 | 2021-12-21 | The gf_isom_hint_rtp_read function in GPAC 1.0.1 allows attackers to cause a denial of service (Invalid memory address dereference) via a crafted file in the MP4Box command. |
| CVE-2021-45297 | 2021-12-21 | An infinite loop vulnerability exists in Gpac 1.0.1 in gf_get_bit_size. |
| CVE-2021-45450 | 2021-12-21 | In Mbed TLS before 2.28.0 and 3.x before 3.1.0, psa_cipher_generate_iv and psa_cipher_encrypt allow policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted... |
| CVE-2021-45451 | 2021-12-21 | In Mbed TLS before 3.1.0, psa_aead_generate_nonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application. |
| CVE-2021-24578 | 2021-12-21 | SportsPress < 2.7.9 - Reflected Cross-Site Scripting |
| CVE-2021-24738 | 2021-12-21 | Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24739 | 2021-12-21 | Logo Carousel < 3.4.2 - Unauthorised Private Post Access |
| CVE-2021-24750 | 2021-12-21 | WP Visitor Statistics (Real Time Traffic) < 4.8 - Subscriber+ SQL Injection |
| CVE-2021-24846 | 2021-12-21 | Ni WooCommerce Custom Order Status < 1.9.7 - Subscriber+ SQL Injection |
| CVE-2021-24849 | 2021-12-21 | WCFM - WooCommerce Multivendor Marketplace < 3.4.12 - Unauthenticated SQL Injection |
| CVE-2021-24907 | 2021-12-21 | Everest Forms < 1.8.0 - Reflected Cross-Site Scripting |
| CVE-2021-24941 | 2021-12-21 | Icegram < 2.0.5 - Reflected Cross-Site Scripting |
| CVE-2021-24956 | 2021-12-21 | Blog2Social < 6.8.7 - Reflected Cross-Site Scripting |
| CVE-2021-24981 | 2021-12-21 | Directorist – Business Directory Plugin < 7.0.6.2 - CSRF to Remote File Upload |
| CVE-2021-45252 | 2021-12-21 | Multiple SQL injection vulnerabilities are found in Simple Forum-Discussion System 1.0, for example in three applications: manage_topic.php, manage_user.php, and ajax.php. The attacker can retrieve all information from... |
| CVE-2021-45253 | 2021-12-21 | The id parameter in view_storage.php from Simple Cold Storage Management System 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file... |
| CVE-2021-45255 | 2021-12-21 | The email parameter from ajax.php of Video Sharing Website 1.0 appears to be vulnerable to SQL injection attacks. A payload injects a SQL sub-query that calls MySQL's load_file function with... |
| CVE-2021-4139 | 2021-12-21 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2021-45091 | 2021-12-21 | Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. |
| CVE-2021-45089 | 2021-12-21 | Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. |
| CVE-2021-45090 | 2021-12-21 | Stormshield Endpoint Security before 2.1.2 allows remote code execution. |
| CVE-2012-20001 | 2021-12-21 | PrestaShop before 1.5.2 allows XSS via the "<object data='data:text/html" substring in the message field. |
| CVE-2021-44877 | 2021-12-21 | Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user... |
| CVE-2021-44875 | 2021-12-21 | Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management,... |
| CVE-2021-44876 | 2021-12-21 | Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management,... |
| CVE-2021-44874 | 2021-12-21 | Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Insecure design on report build via SQL query. The Systeam application is an ERP system that uses a mixed architecture based... |
| CVE-2021-43839 | 2021-12-21 | Drainage of FeeCollector's Block Transaction Fees |
| CVE-2021-45288 | 2021-12-21 | A Double Free vulnerability exists in filedump.c in GPAC 1.0.1, which could cause a Denial of Service via a crafted file in the MP4Box command. |
| CVE-2021-36316 | 2021-12-21 | Dell EMC Avamar Server versions 18.2, 19.1, 19.2, 19.3, and 19.4 contain an improper privilege management vulnerability in AUI. A malicious user with high privileges could potentially exploit this vulnerability,... |
| CVE-2021-36317 | 2021-12-21 | Dell EMC Avamar Server version 19.4 contains a plain-text password storage vulnerability in AvInstaller. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials.... |
| CVE-2021-36318 | 2021-12-21 | Dell EMC Avamar versions 18.2, 19.1, 19.2, 19.3, 19.4 contain a plain-text password storage vulnerability. A high privileged user could potentially exploit this vulnerability, leading to a complete outage. |
| CVE-2021-36336 | 2021-12-21 | Wyse Management Suite 3.3.1 and below versions contain a deserialization vulnerability that could allow an unauthenticated attacker to execute code on the affected system. |
| CVE-2021-36337 | 2021-12-21 | Dell Wyse Management Suite version 3.3.1 and prior support insecure Transport Security Protocols TLS 1.0 and TLS 1.1 which are susceptible to Man-In-The-Middle attacks thereby compromising Confidentiality and Integrity of... |
| CVE-2021-36341 | 2021-12-21 | Dell Wyse Device Agent version 14.5.4.1 and below contain a sensitive data exposure vulnerability. A local authenticated user with low privileges could potentially exploit this vulnerability in order to access... |
| CVE-2021-36350 | 2021-12-21 | Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary weakness in one of the authentication factors. A remote unauthenticated attacker may potentially exploit this vulnerability and bypass one... |
| CVE-2021-43587 | 2021-12-21 | Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to... |
| CVE-2021-45289 | 2021-12-21 | A vulnerability exists in GPAC 1.0.1 due to an omission of security-relevant Information, which could cause a Denial of Service. The program terminates with signal SIGKILL. |
| CVE-2021-45290 | 2021-12-21 | A Denial of Service vulnerability exists in Binaryen 103 due to an assertion abort in wasm::handle_unreachable. |
| CVE-2020-19770 | 2021-12-21 | A cross-site scripting (XSS) vulnerability in the system bulletin component of WUZHI CMS v4.1.0 allows attackers to steal the admin's cookie. |
| CVE-2021-44207 | 2021-12-21 | Acclaim USAHERDS through 7.4.0.1 uses hard-coded credentials. |
| CVE-2021-45293 | 2021-12-21 | A Denial of Service vulnerability exists in Binaryen 103 due to an Invalid memory address dereference in wasm::WasmBinaryBuilder::visitLet. |
| CVE-2021-27445 | 2021-12-21 | Mesa Labs AmegaView Improper Privilege Management |
| CVE-2021-27449 | 2021-12-21 | Mesa Labs AmegaView Command Injection |
| CVE-2021-27453 | 2021-12-21 | Mesa Labs AmegaView authentication bypass |
| CVE-2021-27447 | 2021-12-21 | Mesa Labs AmegaView command injection |
| CVE-2021-27451 | 2021-12-21 | Mesa Labs AmegaView improper authentication |
| CVE-2021-44422 | 2021-12-21 | An Improper Input Validation Vulnerability exists when reading a BMP file using Open Design Alliance Drawings SDK before 2022.12. Crafted data in a BMP file can trigger a write operation... |
| CVE-2021-44423 | 2021-12-21 | An out-of-bounds read vulnerability exists when reading a BMP file using Open Design Alliance (ODA) Drawings Explorer before 2022.12. The specific issue exists after loading BMP files. Unchecked input data... |
| CVE-2021-44860 | 2021-12-21 | An out-of-bounds read vulnerability exists when reading a TIF file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TIF files. An unchecked input data... |
| CVE-2021-44859 | 2021-12-21 | An out-of-bounds read vulnerability exists when reading a TGA file using Open Design Alliance Drawings SDK before 2022.12. The specific issue exists after loading TGA files. An unchecked input data... |
| CVE-2021-38893 | 2021-12-21 | IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary... |
| CVE-2021-38900 | 2021-12-21 | IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper... |
| CVE-2021-38966 | 2021-12-21 | IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially... |
| CVE-2021-44917 | 2021-12-21 | A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause an Arithmetic exception and application crash. |
| CVE-2021-44918 | 2021-12-21 | A Null Pointer Dereference vulnerability exists in gpac 1.1.0 in the gf_node_get_field function, which can cause a segmentation fault and application crash. |
| CVE-2021-44919 | 2021-12-21 | A Null Pointer Dereference vulnerability exists in the gf_sg_vrml_mf_alloc function in gpac 1.1.0-DEV, which causes a segmentation fault and application crash. |
| CVE-2021-44920 | 2021-12-21 | An invalid memory address dereference vulnerability exists in gpac 1.1.0 in the dump_od_to_saf.isra function, which causes a segmentation fault and application crash. |
| CVE-2021-44921 | 2021-12-21 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_isom_parse_movie_boxes_internal function, which causes a segmentation fault and application crash. |
| CVE-2021-44922 | 2021-12-21 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the BD_CheckSFTimeOffset function, which causes a segmentation fault and application crash. |
| CVE-2021-44923 | 2021-12-21 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_dump_vrml_dyn_field.isra function, which causes a segmentation fault and application crash. |
| CVE-2021-44924 | 2021-12-21 | An infinite loop vulnerability exists in gpac 1.1.0 in the gf_log function, which causes a Denial of Service. |
| CVE-2021-44925 | 2021-12-21 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_svg_get_attribute_name function, which causes a segmentation fault and application crash. |
| CVE-2021-44926 | 2021-12-21 | A null pointer dereference vulnerability exists in gpac 1.1.0-DEV in the gf_node_get_tag function, which causes a segmentation fault and application crash. |
| CVE-2021-44927 | 2021-12-21 | A null pointer dereference vulnerability exists in gpac 1.1.0 in the gf_sg_vrml_mf_append function, which causes a segmentation fault and application crash. |
| CVE-2021-43851 | 2021-12-21 | SQL injection vulnerability in anuko timetracker |
| CVE-2021-40393 | 2021-12-22 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted... |
| CVE-2021-40394 | 2021-12-22 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted... |
| CVE-2021-44733 | 2021-12-22 | A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a... |
| CVE-2021-45262 | 2021-12-22 | An invalid free vulnerability exists in gpac 1.1.0 via the gf_sg_command_del function, which causes a segmentation fault and application crash. |
| CVE-2021-45263 | 2021-12-22 | An invalid free vulnerability exists in gpac 1.1.0 via the gf_svg_delete_attribute_value function, which causes a segmentation fault and application crash. |
| CVE-2021-45267 | 2021-12-22 | An invalid memory address dereference vulnerability exists in gpac 1.1.0 via the svg_node_start function, which causes a segmentation fault and application crash. |
| CVE-2021-37706 | 2021-12-22 | Potential integer underflow upon receiving STUN message in PJSIP |
| CVE-2021-43804 | 2021-12-22 | Out-of-bounds read when parsing RTCP BYE message in PJSIP |
| CVE-2021-44028 | 2021-12-22 | XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. |
| CVE-2021-44030 | 2021-12-22 | Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. |