CVE List - 2021 / December
Showing 401 - 500 of 1978 CVEs for December 2021 (Page 5 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-25510 | 2021-12-08 | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021... |
| CVE-2021-25511 | 2021-12-08 | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021... |
| CVE-2021-25512 | 2021-12-08 | An improper validation vulnerability in telephony prior to SMR Dec-2021... |
| CVE-2021-25513 | 2021-12-08 | An improper privilege management vulnerability in Apps Edge application prior... |
| CVE-2021-25514 | 2021-12-08 | An improper intent redirection handling in Tags prior to SMR... |
| CVE-2021-25515 | 2021-12-08 | An improper usage of implicit intent in SemRewardManager prior to... |
| CVE-2021-25516 | 2021-12-08 | An improper check or handling of exceptional conditions in Exynos... |
| CVE-2021-25517 | 2021-12-08 | An improper input validation vulnerability in LDFW prior to SMR... |
| CVE-2021-25518 | 2021-12-08 | An improper boundary check in secure_log of LDFW and BL31... |
| CVE-2021-25519 | 2021-12-08 | An improper access control vulnerability in CPLC prior to SMR... |
| CVE-2021-25520 | 2021-12-08 | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink... |
| CVE-2021-25521 | 2021-12-08 | Insecure caller check in sharevia deeplink logic prior to Samsung... |
| CVE-2021-25522 | 2021-12-08 | Insecure storage of sensitive information vulnerability in Smart Capture prior... |
| CVE-2021-25523 | 2021-12-08 | Insecure storage of device information in Samsung Dialer prior to... |
| CVE-2021-25524 | 2021-12-08 | Insecure storage of device information in Contacts prior to version... |
| CVE-2021-25525 | 2021-12-08 | Improper check or handling of exception conditions vulnerability in Samsung... |
| CVE-2021-25526 | 2021-12-08 | Intent redirection vulnerability in Samsung Blockchain Wallet prior to version... |
| CVE-2021-25527 | 2021-12-08 | Improper export of Android application components vulnerability in Samsung Pay... |
| CVE-2021-42835 | 2021-12-08 | An issue was discovered in Plex Media Server through 1.24.4.5081-e362dc1ee.... |
| CVE-2021-40860 | 2021-12-08 | A SQL Injection in the custom filter query component in... |
| CVE-2021-40861 | 2021-12-08 | A SQL Injection in the custom filter query component in... |
| CVE-2021-41450 | 2021-12-08 | An HTTP request smuggling attack in TP-Link AX10v1 before v1_211117... |
| CVE-2021-42110 | 2021-12-08 | An issue was discovered in Allegro Windows (formerly Popsy Windows)... |
| CVE-2021-3815 | 2021-12-08 | Prototype Pollution in fabiocaccamo/utils.js |
| CVE-2021-41090 | 2021-12-08 | Instance config inline secret exposure |
| CVE-2021-27860 | 2021-12-08 | Arbitrary file upload vulnerability in FatPipe software |
| CVE-2021-41063 | 2021-12-08 | SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior... |
| CVE-2021-41021 | 2021-12-08 | A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below... |
| CVE-2021-41030 | 2021-12-08 | An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS... |
| CVE-2021-36195 | 2021-12-08 | Multiple command injection vulnerabilities in the command line interpreter of... |
| CVE-2021-43978 | 2021-12-08 | Allegro WIndows 3.3.4152.0, embeds software administrator database credentials into its... |
| CVE-2021-43399 | 2021-12-08 | The Yubico YubiHSM YubiHSM2 library 2021.08, included in the yubihsm-shell... |
| CVE-2020-27416 | 2021-12-08 | Mahavitaran android application 7.50 and prior are affected by account... |
| CVE-2021-36173 | 2021-12-08 | A heap-based buffer overflow in the firmware signature verification function... |
| CVE-2021-41025 | 2021-12-08 | Multiple vulnerabilities in the authentication mechanism of confd in FortiWeb... |
| CVE-2021-43809 | 2021-12-08 | Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile |
| CVE-2021-41017 | 2021-12-08 | Multiple heap-based buffer overflow vulnerabilities in some web API controllers... |
| CVE-2021-36720 | 2021-12-08 | Cybonet - PineApp |
| CVE-2021-36719 | 2021-12-08 | Cybonet - PineApp |
| CVE-2021-36718 | 2021-12-08 | SYNEL - eharmonynew / Synel Reports version 8.0.2 Default credentials , Security miscommunication , Sensetive data exposure |
| CVE-2021-37941 | 2021-12-08 | A local privilege escalation issue was found with the APM... |
| CVE-2021-23859 | 2021-12-08 | Denial of Service and Authentication Bypass Vulnerability in multiple Bosch products |
| CVE-2021-23860 | 2021-12-08 | Reflected Cross Site Scripting (XSS) vulnerability in Bosch VRM / BVMS |
| CVE-2021-23861 | 2021-12-08 | Possible Access to Debug Functions in Bosch VRM / BVMS |
| CVE-2021-23862 | 2021-12-08 | Authenticated Remote Code Execution |
| CVE-2021-43546 | 2021-12-08 | It was possible to recreate previous cursor spoofing attacks against... |
| CVE-2021-43545 | 2021-12-08 | Using the Location API in a loop could have caused... |
| CVE-2021-43544 | 2021-12-08 | When receiving a URL through a SEND intent, Firefox would... |
| CVE-2021-43543 | 2021-12-08 | Documents loaded with the CSP sandbox directive could have escaped... |
| CVE-2021-43542 | 2021-12-08 | Using XMLHttpRequest, an attacker could have identified installed applications by... |
| CVE-2021-43541 | 2021-12-08 | When invoking protocol handlers for external protocols, a supplied parameter... |
| CVE-2021-43540 | 2021-12-08 | WebExtensions with the correct permissions were able to create and... |
| CVE-2021-43539 | 2021-12-08 | Failure to correctly record the location of live pointers across... |
| CVE-2021-43538 | 2021-12-08 | By misusing a race in our notification code, an attacker... |
| CVE-2021-43537 | 2021-12-08 | An incorrect type conversion of sizes from 64bit to 32bit... |
| CVE-2021-43536 | 2021-12-08 | Under certain circumstances, asynchronous functions could have caused a navigation... |
| CVE-2021-43535 | 2021-12-08 | A use-after-free could have occured when an HTTP2 session object... |
| CVE-2021-43534 | 2021-12-08 | Mozilla developers and community members reported memory safety bugs present... |
| CVE-2021-43533 | 2021-12-08 | When parsing internationalized domain names, high bits of the characters... |
| CVE-2021-43532 | 2021-12-08 | The 'Copy Image Link' context menu action would copy the... |
| CVE-2021-43531 | 2021-12-08 | When a user loaded a Web Extensions context menu, the... |
| CVE-2021-43530 | 2021-12-08 | A Universal XSS vulnerability was present in Firefox for Android... |
| CVE-2021-43528 | 2021-12-08 | Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript... |
| CVE-2021-38510 | 2021-12-08 | The executable file warning was not presented when downloading .inetloc... |
| CVE-2021-38509 | 2021-12-08 | Due to an unusual sequence of attacker-controlled events, a Javascript... |
| CVE-2021-38508 | 2021-12-08 | By displaying a form validity message in the correct location... |
| CVE-2021-38507 | 2021-12-08 | The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a... |
| CVE-2021-38506 | 2021-12-08 | Through a series of navigations, Firefox could have entered fullscreen... |
| CVE-2021-38505 | 2021-12-08 | Microsoft introduced a new feature in Windows 10 known as... |
| CVE-2021-38504 | 2021-12-08 | When interacting with an HTML input element's file picker dialog... |
| CVE-2021-38503 | 2021-12-08 | The iframe sandbox rules were not correctly applied to XSLT... |
| CVE-2021-4048 | 2021-12-08 | An out-of-bounds read flaw was found in the CLARRV, DLARRV,... |
| CVE-2021-21951 | 2021-12-08 | An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of... |
| CVE-2021-21950 | 2021-12-08 | An out-of-bounds write vulnerability exists in the CMD_DEVICE_GET_SERVER_LIST_REQUEST functionality of... |
| CVE-2021-21957 | 2021-12-08 | A privilege escalation vulnerability exists in the Remote Server functionality... |
| CVE-2021-43811 | 2021-12-08 | Code injection via unsafe YAML loading |
| CVE-2021-43797 | 2021-12-09 | HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling |
| CVE-2021-36194 | 2021-12-09 | Multiple stack-based buffer overflows in the API controllers of FortiWeb... |
| CVE-2021-43410 | 2021-12-09 | airavata-django-portal allows CRLF log injection because of the lack of escaping in the log statements |
| CVE-2021-43204 | 2021-12-09 | A improper control of a resource through its lifetime in... |
| CVE-2021-36189 | 2021-12-09 | A missing encryption of sensitive data in Fortinet FortiClientEMS version... |
| CVE-2021-43065 | 2021-12-09 | A incorrect permission assignment for critical resource in Fortinet FortiNAC... |
| CVE-2021-43071 | 2021-12-09 | A heap-based buffer overflow in Fortinet FortiWeb version 6.4.1 and... |
| CVE-2021-42759 | 2021-12-09 | A violation of secure design principles in Fortinet Meru AP... |
| CVE-2021-36167 | 2021-12-09 | An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0... |
| CVE-2021-43068 | 2021-12-09 | A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user... |
| CVE-2021-3817 | 2021-12-09 | SQL Injection in wbce/wbce_cms |
| CVE-2021-22565 | 2021-12-09 | Insufficient Granularity of Access Control in GAEN Notification Server |
| CVE-2021-41449 | 2021-12-09 | A path traversal attack in web interfaces of Netgear RAX35,... |
| CVE-2021-20143 | 2021-12-09 | An unauthenticated command injection vulnerability exists in the parameters of... |
| CVE-2021-20144 | 2021-12-09 | An unauthenticated command injection vulnerability exists in the parameters of... |
| CVE-2021-20145 | 2021-12-09 | Gryphon Tower routers contain an unprotected openvpn configuration file which... |
| CVE-2021-20146 | 2021-12-09 | An unprotected ssh private key exists on the Gryphon devices... |
| CVE-2021-41694 | 2021-12-09 | An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via... |
| CVE-2021-20140 | 2021-12-09 | An unauthenticated command injection vulnerability exists in the parameters of... |
| CVE-2021-20141 | 2021-12-09 | An unauthenticated command injection vulnerability exists in the parameters of... |
| CVE-2021-20142 | 2021-12-09 | An unauthenticated command injection vulnerability exists in the parameters of... |
| CVE-2021-20137 | 2021-12-09 | A reflected cross-site scripting vulnerability exists in the url parameter... |
| CVE-2021-20138 | 2021-12-09 | An unauthenticated command injection vulnerability exists in multiple parameters in... |
| CVE-2021-20139 | 2021-12-09 | An unauthenticated command injection vulnerability exists in the parameters of... |