CVE List - 2021 / December
Showing 1401 - 1500 of 1978 CVEs for December 2021 (Page 15 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-20595 | 2021-12-22 | A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add. |
| CVE-2020-20597 | 2021-12-22 | A cross-site scripting (XSS) vulnerability in the potrtalItemName parameter in \web\PortalController.java of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-20598 | 2021-12-22 | A cross-site scripting (XSS) vulnerability in the Editing component of lemon V1.10.0 allows attackers to execute arbitrary web scripts or HTML. |
| CVE-2020-20600 | 2021-12-22 | MetInfo 7.0 beta contains a stored cross-site scripting (XSS) vulnerability in the $name parameter of admin/?n=column&c=index&a=doAddColumn. |
| CVE-2020-20601 | 2021-12-22 | An issue in ThinkCMF X2.2.2 and below allows attackers to execute arbitrary code via a crafted packet. |
| CVE-2020-20605 | 2021-12-22 | Blog CMS v1.0 contains a cross-site scripting (XSS) vulnerability in the /controller/CommentAdminController.java component. |
| CVE-2021-44273 | 2021-12-23 | e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL... |
| CVE-2021-45462 | 2021-12-23 | In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. |
| CVE-2021-3621 | 2021-12-23 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the... |
| CVE-2021-38005 | 2021-12-23 | Use after free in loader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38006 | 2021-12-23 | Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38007 | 2021-12-23 | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38008 | 2021-12-23 | Use after free in media in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38009 | 2021-12-23 | Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-38010 | 2021-12-23 | Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. |
| CVE-2021-38011 | 2021-12-23 | Use after free in storage foundation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38012 | 2021-12-23 | Type confusion in V8 in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38013 | 2021-12-23 | Heap buffer overflow in fingerprint recognition in Google Chrome on ChromeOS prior to 96.0.4664.45 allowed a remote attacker who had compromised a WebUI renderer process to potentially perform a sandbox... |
| CVE-2021-38014 | 2021-12-23 | Out of bounds write in Swiftshader in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-38015 | 2021-12-23 | Inappropriate implementation in input in Google Chrome prior to 96.0.4664.45 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome... |
| CVE-2021-38016 | 2021-12-23 | Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass same origin policy via a crafted HTML page. |
| CVE-2021-38017 | 2021-12-23 | Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-38018 | 2021-12-23 | Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2021-38019 | 2021-12-23 | Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-38020 | 2021-12-23 | Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664.45 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted... |
| CVE-2021-38021 | 2021-12-23 | Inappropriate implementation in referrer in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. |
| CVE-2021-38022 | 2021-12-23 | Inappropriate implementation in WebAuthentication in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-4052 | 2021-12-23 | Use after free in web apps in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via... |
| CVE-2021-4053 | 2021-12-23 | Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4054 | 2021-12-23 | Incorrect security UI in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform domain spoofing via a crafted HTML page. |
| CVE-2021-4055 | 2021-12-23 | Heap buffer overflow in extensions in Google Chrome prior to 96.0.4664.93 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a... |
| CVE-2021-4056 | 2021-12-23 | Type confusion in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4057 | 2021-12-23 | Use after free in file API in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted... |
| CVE-2021-4058 | 2021-12-23 | Heap buffer overflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4059 | 2021-12-23 | Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-4061 | 2021-12-23 | Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4062 | 2021-12-23 | Heap buffer overflow in BFCache in Google Chrome prior to 96.0.4664.93 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML... |
| CVE-2021-4063 | 2021-12-23 | Use after free in developer tools in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4064 | 2021-12-23 | Use after free in screen capture in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4065 | 2021-12-23 | Use after free in autofill in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4066 | 2021-12-23 | Integer underflow in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4067 | 2021-12-23 | Use after free in window manager in Google Chrome on ChromeOS prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4068 | 2021-12-23 | Insufficient data validation in new tab page in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
| CVE-2021-4078 | 2021-12-23 | Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-4079 | 2021-12-23 | Out of bounds write in WebRTC in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via crafted WebRTC packets. |
| CVE-2021-20049 | 2021-12-23 | A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier... |
| CVE-2021-20050 | 2021-12-23 | An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted management APIs being accessible without a user login, potentially exposing configuration meta-data. |
| CVE-2021-45463 | 2021-12-23 | load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library... |
| CVE-2021-4144 | 2021-12-23 | TP-Link wifi router TL-WR802N V4(JP), with firmware version prior to 211202, is vulnerable to OS command injection. |
| CVE-2021-44548 | 2021-12-23 | Apache Solr information disclosure vulnerability through DataImportHandler |
| CVE-2021-44599 | 2021-12-23 | The id parameter from Online Enrollment Management System 1.0 system appears to be vulnerable to SQL injection attacks. A crafted payload injects a SQL sub-query that calls MySQL's load_file function... |
| CVE-2021-44600 | 2021-12-23 | The password parameter on Simple Online Mens Salon Management System (MSMS) 1.0 appears to be vulnerable to SQL injection attacks through the password parameter. The predictive tests of this application... |
| CVE-2021-44526 | 2021-12-23 | Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin configurations. |
| CVE-2021-23175 | 2021-12-23 | NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does not correctly apply individual user access controls for users on the same device, which, with user intervention, may... |
| CVE-2021-43849 | 2021-12-23 | DoS vulnerability |
| CVE-2021-4118 | 2021-12-23 | Deserialization of Untrusted Data in pytorchlightning/pytorch-lightning |
| CVE-2021-43854 | 2021-12-23 | Inefficient Regular Expression Complexity in nltk |
| CVE-2021-40160 | 2021-12-23 | PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code. |
| CVE-2021-40161 | 2021-12-23 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. |
| CVE-2021-45469 | 2021-12-23 | In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. |
| CVE-2017-2488 | 2021-12-23 | A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote... |
| CVE-2017-2375 | 2021-12-23 | An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit... |
| CVE-2017-13880 | 2021-12-23 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 11.2, watchOS 4.2. An application may be able to execute arbitrary code with kernel... |
| CVE-2017-13905 | 2021-12-23 | A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El... |
| CVE-2017-13835 | 2021-12-23 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13. An application may be able to execute arbitrary code with elevated... |
| CVE-2017-13892 | 2021-12-23 | An issue existed in the handling of Contact sharing. This issue was addressed with improved handling of user information. This issue is fixed in macOS High Sierra 10.13.2, Security Update... |
| CVE-2017-13906 | 2021-12-23 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, macOS... |
| CVE-2017-13907 | 2021-12-23 | A state management issue was addressed with improved state validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan. The... |
| CVE-2017-13909 | 2021-12-23 | An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local... |
| CVE-2017-13910 | 2021-12-23 | An access issue was addressed with additional sandbox restrictions on applications. This issue is fixed in macOS High Sierra 10.13. An application may be able to access restricted files. |
| CVE-2018-4478 | 2021-12-23 | A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical... |
| CVE-2019-8643 | 2021-12-23 | CVE-2019-8643: Arun Sharma of VMWare This issue is fixed in macOS Mojave 10.14. Description: A logic issue was addressed with improved state management.. |
| CVE-2018-4302 | 2021-12-23 | A null pointer dereference was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13, iCloud for Windows 7.0, watchOS 4, iOS 11, iTunes 12.7 for Windows.... |
| CVE-2017-13908 | 2021-12-23 | An issue in handling file permissions was addressed with improved validation. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan,... |
| CVE-2019-8703 | 2021-12-23 | This issue was addressed with improved entitlements. This issue is fixed in watchOS 6, tvOS 13, macOS Catalina 10.15, iOS 13. An application may be able to gain elevated privileges. |
| CVE-2019-8702 | 2021-12-23 | This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra, iOS 12.4, tvOS 12.4. A... |
| CVE-2020-3896 | 2021-12-23 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious application may... |
| CVE-2020-3886 | 2021-12-23 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra. A malicious... |
| CVE-2021-30767 | 2021-12-23 | A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2,... |
| CVE-2021-35243 | 2021-12-23 | HTTP PUT & DELETE Methods Enabled |
| CVE-2021-23198 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-43987 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-22657 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-43984 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-44453 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-43981 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-43989 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-43985 | 2021-12-23 | mySCADA myPRO |
| CVE-2021-20318 | 2021-12-23 | The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions... |
| CVE-2021-44540 | 2021-12-23 | A vulnerability was found in Privoxy which was fixed in get_url_spec_param() by freeing memory of compiled pattern spec before bailing. |
| CVE-2021-44541 | 2021-12-23 | A vulnerability was found in Privoxy which was fixed in process_encrypted_request_headers() by freeing header memory when failing to get the request destination. |
| CVE-2021-44542 | 2021-12-23 | A memory leak vulnerability was found in Privoxy when handling errors. |
| CVE-2021-44543 | 2021-12-23 | An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. |
| CVE-2021-4024 | 2021-12-23 | A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system.... |
| CVE-2021-27007 | 2021-12-23 | NetApp Virtual Desktop Service (VDS) when used with an HTML5 gateway is susceptible to a vulnerability which when successfully exploited could allow an unauthenticated attacker to takeover a Remote Desktop... |
| CVE-2021-3584 | 2021-12-23 | A server side remote code execution vulnerability was found in Foreman project. A authenticated attacker could use Sendmail configuration options to overwrite the defaults and perform command injection. The highest... |
| CVE-2021-27006 | 2021-12-23 | StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a vulnerability which may allow an administrative user to escalate their privileges and modify settings in SANtricity System... |
| CVE-2021-3622 | 2021-12-23 | A flaw was found in the hivex library. This flaw allows an attacker to input a specially crafted Windows Registry (hive) file, which would cause hivex to recursively call the... |
| CVE-2021-45470 | 2021-12-23 | lib/DatabaseLayer.py in cve-search before 4.1.0 allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. |
| CVE-2020-35398 | 2021-12-23 | An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials... |