CVE List - 2021 / December
Showing 601 - 700 of 1978 CVEs for December 2021 (Page 7 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24863 | 2021-12-13 | StopBadBots < 6.67 - Unauthenticated SQL Injection |
| CVE-2021-24871 | 2021-12-13 | Get Custom Field Values < 4.0.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24872 | 2021-12-13 | Get Custom Field Values < 4.0 - Contributors+ Arbitrary Post Metadata Access |
| CVE-2021-24896 | 2021-12-13 | Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24922 | 2021-12-13 | Pixel Cat Lite < 2.6.2 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24925 | 2021-12-13 | Modern Events Calendar Lite < 6.1.5 - Reflected Cross-Site Scripting |
| CVE-2021-24932 | 2021-12-13 | Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting |
| CVE-2021-24945 | 2021-12-13 | Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure |
| CVE-2021-24946 | 2021-12-13 | Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection |
| CVE-2021-24951 | 2021-12-13 | LearnPress < 4.1.4 - Admin+ SQL Injection |
| CVE-2021-24954 | 2021-12-13 | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting |
| CVE-2021-24955 | 2021-12-13 | ProfilePress < 3.2.3 - Reflected Cross-Site Scripting |
| CVE-2021-24970 | 2021-12-13 | All-In-One-Gallery < 2.5.0 - Admin+ Local File Inclusion |
| CVE-2021-24972 | 2021-12-13 | Pixel Cat Lite < 2.6.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-42546 | 2021-12-13 | Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive |
| CVE-2021-42547 | 2021-12-13 | Reflected XSS in search functionality of WP Cloud Plugins - Out-of-the-Box |
| CVE-2021-42548 | 2021-12-13 | Reflected XSS in search functionality of WP Cloud Plugins - Share-one-Drive |
| CVE-2021-42549 | 2021-12-13 | Reflected XSS in search functionality of WP Cloud Plugins - Lets-Box |
| CVE-2021-43117 | 2021-12-13 | fastadmin v1.2.1 is affected by a file upload vulnerability which allows arbitrary code execution through shell access. |
| CVE-2021-36169 | 2021-12-13 | A hidden functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations. |
| CVE-2021-44966 | 2021-12-13 | SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change... |
| CVE-2021-44965 | 2021-12-13 | Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2. The attacker can retrieve and download sensitive information from the vulnerable server. |
| CVE-2021-39910 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39918 | 2021-12-13 | Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows a user... |
| CVE-2021-39940 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39944 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39945 | 2021-12-13 | Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2,... |
| CVE-2021-39931 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39936 | 2021-12-13 | Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an... |
| CVE-2021-39937 | 2021-12-13 | A collision in access memoization logic in all versions of GitLab CE/EE before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, leads to... |
| CVE-2021-39938 | 2021-12-13 | A vulnerable regular expression pattern in GitLab CE/EE since version 8.15 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker... |
| CVE-2021-39933 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39915 | 2021-12-13 | Improper access control in the GraphQL API in GitLab CE/EE affecting all versions starting from 13.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5... |
| CVE-2021-39919 | 2021-12-13 | In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and... |
| CVE-2021-39916 | 2021-12-13 | Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from... |
| CVE-2021-39934 | 2021-12-13 | Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all... |
| CVE-2021-39917 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39932 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39935 | 2021-12-13 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2.... |
| CVE-2021-39941 | 2021-12-13 | An information disclosure vulnerability in GitLab CE/EE versions 12.0 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed non-project members to see the default branch name for projects that... |
| CVE-2021-39930 | 2021-12-13 | Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4, and between 14.5.0 and 14.5.2 allowed an attacker to access a user's custom project and group... |
| CVE-2021-39939 | 2021-12-13 | An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2,... |
| CVE-2021-22279 | 2021-12-13 | OmniCore RobotWare Missing Authentication Vulnerability |
| CVE-2021-40007 | 2021-12-13 | There is an information leak vulnerability in eCNS280_TD V100R005C10SPC650. The vulnerability is caused by improper log output management. An attacker with the ability to access the log file of device... |
| CVE-2021-40008 | 2021-12-13 | There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory... |
| CVE-2021-43983 | 2021-12-13 | WECON LeviStudioU |
| CVE-2020-16154 | 2021-12-13 | The App::cpanminus package 1.7044 for Perl allows Signature Verification Bypass. |
| CVE-2020-16155 | 2021-12-13 | The CPAN::Checksums package 2.12 for Perl does not uniquely define signed data. |
| CVE-2020-16156 | 2021-12-13 | CPAN 2.28 allows Signature Verification Bypass. |
| CVE-2021-38947 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 211242. |
| CVE-2021-39052 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the Spring Boot console without authorization. IBM X-Force ID: 214523. |
| CVE-2021-39053 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to obtain sensitive information, caused by the improper handling of requests for Spectrum Copy Data Management Admin... |
| CVE-2021-39054 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web... |
| CVE-2021-39058 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 214617. |
| CVE-2021-39064 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier has weak authentication and password rules and incorrectly handles default credentials for the Spectrum Copy Data Management Admin console. IBM X-Force ID:... |
| CVE-2021-39065 | 2021-12-13 | IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of user-supplied input by the Spectrum... |
| CVE-2021-43818 | 2021-12-13 | HTML Cleaner allows crafted and SVG embedded scripts to pass through |
| CVE-2021-32024 | 2021-12-13 | A remote code execution vulnerability in the BMP image codec of BlackBerry QNX SDP version(s) 6.4 to 7.1 could allow an attacker to potentially execute code in the context of... |
| CVE-2020-4496 | 2021-12-13 | The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM... |
| CVE-2021-38901 | 2021-12-13 | IBM Spectrum Protect Operations Center 7.1, under special configurations, could allow a local user to obtain highly sensitive information. IBM X-Force ID: 209610. |
| CVE-2021-39048 | 2021-12-13 | IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a... |
| CVE-2021-39049 | 2021-12-13 | IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower... |
| CVE-2021-39050 | 2021-12-13 | IBM i2 Analyst's Notebook 9.2.0, 9.2.1, and 9.2.2 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower... |
| CVE-2021-39057 | 2021-12-13 | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to... |
| CVE-2021-39063 | 2021-12-13 | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x uses Cross-Origin Resource Sharing (CORS) which could allow an attacker to carry out privileged actions and retrieve sensitive information due to a misconfiguration... |
| CVE-2021-43801 | 2021-12-13 | Uncaught Exception in mercurius |
| CVE-2021-43814 | 2021-12-13 | Heap-based OOB write when parsing dwarf DIE info in Rizin |
| CVE-2021-43817 | 2021-12-13 | Reflected Cross-Site-Scripting vulnerability in Collabora Online |
| CVE-2021-43822 | 2021-12-13 | SQL injection in jackalope/jackalope-doctrine-dbal |
| CVE-2021-43823 | 2021-12-13 | Side-channel attack in Sourcegraph |
| CVE-2021-24045 | 2021-12-13 | A type confusion vulnerability could be triggered when resolving the "typeof" unary operator in Facebook Hermes prior to v0.10.0. Note that this is only exploitable if the application using Hermes... |
| CVE-2020-19042 | 2021-12-13 | Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. |
| CVE-2021-41272 | 2021-12-13 | SHL, SHR, and SAR operations trigger native exception at key values in besu |
| CVE-2021-4104 | 2021-12-14 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 |
| CVE-2021-42023 | 2021-12-14 | A vulnerability has been identified in ModelSim Simulation (All versions), Questa Simulation (All versions). The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required... |
| CVE-2021-3831 | 2021-12-14 | Cross-site Scripting (XSS) - Reflected in gnuboard/gnuboard5 |
| CVE-2021-44935 | 2021-12-14 | glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction. |
| CVE-2021-41547 | 2021-12-14 | A vulnerability has been identified in Teamcenter Active Workspace V4.3 (All versions < V4.3.11), Teamcenter Active Workspace V5.0 (All versions < V5.0.10), Teamcenter Active Workspace V5.1 (All versions < V5.1.6),... |
| CVE-2021-42022 | 2021-12-14 | A vulnerability has been identified in SIMATIC eaSie PCS 7 Skill Package (All versions < V21.00 SP3). When downloading files, the affected systems do not properly neutralize special elements within... |
| CVE-2021-42024 | 2021-12-14 | A vulnerability has been identified in Simcenter STAR-CCM+ Viewer (All versions < 2021.3.1). The starview+.exe application lacks proper validation of user-supplied data when parsing scene files. This could result in... |
| CVE-2021-42027 | 2021-12-14 | A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow... |
| CVE-2021-44001 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an... |
| CVE-2021-44002 | 2021-12-14 | A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains an out of... |
| CVE-2021-44003 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to use of uninitialized memory while parsing user supplied... |
| CVE-2021-44004 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44005 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an... |
| CVE-2021-44006 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an out of bounds write past the end of an... |
| CVE-2021-44007 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll contains an off-by-one error in the heap while parsing specially crafted... |
| CVE-2021-44008 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44009 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44010 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Tiff_Loader.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44011 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44012 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Jt1001.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44013 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The DL180pdfl.dll contains an out of bounds write past the end of an... |
| CVE-2021-44014 | 2021-12-14 | A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability... |
| CVE-2021-44015 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The VCRUNTIME140.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44017 | 2021-12-14 | A vulnerability has been identified in JT2Go (All versions < V13.2.0.5), Teamcenter Visualization (All versions < V13.2.0.5). The Image.dll is vulnerable to an out of bounds read past the end... |
| CVE-2021-44165 | 2021-12-14 | A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41),... |
| CVE-2021-44430 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write... |
| CVE-2021-44431 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read... |