CVE List - 2021 / December
Showing 701 - 800 of 1978 CVEs for December 2021 (Page 8 of 20)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-44432 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while... |
| CVE-2021-44433 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains a use after free vulnerability that could... |
| CVE-2021-44434 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write... |
| CVE-2021-44435 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while... |
| CVE-2021-44436 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read... |
| CVE-2021-44437 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write... |
| CVE-2021-44438 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds write... |
| CVE-2021-44439 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read... |
| CVE-2021-44440 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to memory corruption condition while parsing... |
| CVE-2021-44441 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the... |
| CVE-2021-44442 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the... |
| CVE-2021-44443 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the... |
| CVE-2021-44444 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read... |
| CVE-2021-44445 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products contains an out of bounds write past the... |
| CVE-2021-44446 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains an out of bounds write past the... |
| CVE-2021-44447 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products contains a use-after-free vulnerability that could be triggered... |
| CVE-2021-44448 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V13.0.3.0), JTTK (All versions < V11.0.3.0). JTTK library in affected products is vulnerable to an out of bounds read... |
| CVE-2021-44449 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products contains an out of bounds write past the... |
| CVE-2021-44450 | 2021-12-14 | A vulnerability has been identified in JT Utilities (All versions < V12.8.1.1), JTTK (All versions < V10.8.1.1). JTTK library in affected products is vulnerable to an out of bounds read... |
| CVE-2021-44522 | 2021-12-14 | A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All... |
| CVE-2021-44523 | 2021-12-14 | A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All... |
| CVE-2021-44524 | 2021-12-14 | A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated V2.80 (All versions), SiPass integrated V2.85 (All versions), Siveillance Identity V1.5 (All versions), Siveillance Identity V1.6 (All... |
| CVE-2021-44937 | 2021-12-14 | glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will... |
| CVE-2021-3376 | 2021-12-14 | An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter. |
| CVE-2021-44538 | 2021-12-14 | The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially... |
| CVE-2021-45014 | 2021-12-14 | There is an upload sql injection vulnerability in the background of taocms 3.0.2 in parameter id:action=cms&ctrl=update&id=26 |
| CVE-2021-45015 | 2021-12-14 | taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line 60 to line 72. |
| CVE-2021-36721 | 2021-12-14 | Sysaid - Sysaid API User Enumeration |
| CVE-2021-42050 | 2021-12-14 | An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. |
| CVE-2021-44949 | 2021-12-14 | glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. |
| CVE-2021-42051 | 2021-12-14 | An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. |
| CVE-2021-4107 | 2021-12-14 | Cross-site Scripting (XSS) - Reflected in yetiforcecompany/yetiforcecrm |
| CVE-2021-4007 | 2021-12-14 | Rapid7 Insight Agent Privilege Escalation |
| CVE-2021-44549 | 2021-12-14 | SMTPS server hostname not checked when making TLS connection to SMTPS server |
| CVE-2021-3836 | 2021-12-14 | Improper Restriction of XML External Entity Reference in dbeaver/dbeaver |
| CVE-2021-41067 | 2021-12-14 | An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited... |
| CVE-2021-41066 | 2021-12-14 | An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the... |
| CVE-2021-41065 | 2021-12-14 | An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed... |
| CVE-2021-44231 | 2021-12-14 | Internally used text extraction reports allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. |
| CVE-2021-44233 | 2021-12-14 | SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges. |
| CVE-2021-44235 | 2021-12-14 | Two methods of a utility class in SAP NetWeaver AS ABAP - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, allow an... |
| CVE-2021-44232 | 2021-12-14 | SAF-T Framework Transaction SAFTN_G allows an attacker to exploit insufficient validation of path information provided by normal user, leading to full server directory access. The attacker can see the whole... |
| CVE-2021-42063 | 2021-12-14 | A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized... |
| CVE-2021-42066 | 2021-12-14 | SAP Business One - version 10.0, allows an admin user to view DB password in plain text over the network, which should otherwise be encrypted. For an attacker to discover... |
| CVE-2021-42069 | 2021-12-14 | When a user opens manipulated Tagged Image File Format (.tif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily... |
| CVE-2021-38182 | 2021-12-14 | Due to insufficient input validation of Kyma, authenticated users can pass a Header of their choice and escalate privileges which can completely compromise the cluster. |
| CVE-2021-42064 | 2021-12-14 | If configured to use an Oracle database and if a query is created using the flexible search java api with a parameterized "in" clause, SAP Commerce - versions 1905, 2005,... |
| CVE-2021-42070 | 2021-12-14 | When a user opens manipulated Jupiter Tessellation (.jt) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to... |
| CVE-2021-42068 | 2021-12-14 | When a user opens a manipulated GIF (.gif) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to... |
| CVE-2021-42061 | 2021-12-14 | SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve... |
| CVE-2021-39315 | 2021-12-14 | Magic Post Voice <= 1.2 Reflected Cross-Site Scripting |
| CVE-2021-39319 | 2021-12-14 | duoFAQ - Responsive, Flat, Simple FAQ <= 1.4.8 Reflected Cross-Site Scripting |
| CVE-2021-42367 | 2021-12-14 | Variation Swatches for WooCommerce <= 2.1.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-41836 | 2021-12-14 | Fathom Analytics <= 3.0.4 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39318 | 2021-12-14 | H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting |
| CVE-2021-39314 | 2021-12-14 | WooCommerce EnvioPack <= 1.2 Reflected Cross-Site Scripting |
| CVE-2021-39309 | 2021-12-14 | Parsian Bank Gateway for Woocommerce <= 1.0 Reflected Cross-Site Scripting |
| CVE-2021-39311 | 2021-12-14 | link-list-manager <= 1.0 Reflected Cross-Site Scripting |
| CVE-2021-38361 | 2021-12-14 | .htaccess Redirect <= 0.3.1 Reflected Cross-Site Scripting |
| CVE-2021-4073 | 2021-12-14 | RegistrationMagic <= 5.0.1.7 Authentication Bypass |
| CVE-2021-39308 | 2021-12-14 | WooCommerce myghpay Payment Gateway <= 3.0 Reflected Cross-Site Scripting |
| CVE-2021-39312 | 2021-12-14 | True Ranker <= 2.2.2 Directory Traversal/Arbitrary File Read |
| CVE-2021-39310 | 2021-12-14 | Real WYSIWYG <= 0.0.2 Reflected Cross-Site Scripting |
| CVE-2021-39313 | 2021-12-14 | Simple Image Gallery <= 1.0.6 Reflected Cross-Site Scripting |
| CVE-2021-38950 | 2021-12-14 | IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when SharedBindingsUserId is set to effective. IBM X-ForceID: 211404. |
| CVE-2021-45046 | 2021-12-14 | Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack |
| CVE-2021-44042 | 2021-12-14 | An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being... |
| CVE-2021-44041 | 2021-12-14 | UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to... |
| CVE-2021-44043 | 2021-12-14 | An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker... |
| CVE-2021-40882 | 2021-12-14 | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. |
| CVE-2021-43388 | 2021-12-14 | Unisys Cargo Mobile Application before 1.2.29 uses cleartext to store sensitive information, which might be revealed in a backup. The issue is addressed by ensuring that the allowBackup flag (in... |
| CVE-2021-40883 | 2021-12-14 | A Remote Code Execution (RCE) vulnerability exists in emlog 5.3.1 via content/plugins. |
| CVE-2021-43807 | 2021-12-14 | HTTP Method Spoofing in Opencast |
| CVE-2018-10228 | 2021-12-14 | Cross-site scripting (XSS) vulnerability in /application/controller/admin/theme.php in LimeSurvey 3.6.2+180406 allows remote attackers to inject arbitrary web script or HTML via the changes_cp parameter to the index.php/admin/themes/sa/templatesavechanges URI. |
| CVE-2021-4044 | 2021-12-14 | Invalid handling of X509_verify_cert() internal errors in libssl |
| CVE-2021-43820 | 2021-12-14 | Permissions check bypass in Seafile |
| CVE-2021-43821 | 2021-12-14 | Files Accessible to External Parties in Opencast |
| CVE-2021-43051 | 2021-12-14 | TIBCO Spotfire Server API Authorization Vulnerability |
| CVE-2021-43828 | 2021-12-14 | Improper Privilege Management in Patrowl |
| CVE-2021-43830 | 2021-12-14 | SQL injection in OpenProject |
| CVE-2021-43829 | 2021-12-14 | Unrestricted Upload of Files in Patrowl |
| CVE-2021-34425 | 2021-12-14 | Server Side Request Forgery in Zoom Client for Meetings chat |
| CVE-2021-34426 | 2021-12-14 | Arbitrary command execution in Keybase Client for Windows |
| CVE-2021-39183 | 2021-12-14 | Unsafe inline XSS Owncast |
| CVE-2021-44942 | 2021-12-14 | glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a... |
| CVE-2021-4108 | 2021-12-14 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it |
| CVE-2021-43827 | 2021-12-14 | Inline footnotes wrapped in <a> tags can cause errors in discourse-footnotes |
| CVE-2021-43113 | 2021-12-15 | iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java. |
| CVE-2021-4110 | 2021-12-15 | NULL Pointer Dereference in mruby/mruby |
| CVE-2021-41870 | 2021-12-15 | An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files. |
| CVE-2021-41871 | 2021-12-15 | An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed... |
| CVE-2021-41844 | 2021-12-15 | Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. |
| CVE-2021-41557 | 2021-12-15 | Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role... |
| CVE-2021-43325 | 2021-12-15 | Automox Agent 33 on Windows incorrectly sets permissions on a temporary directory. NOTE: this issue exists because of a CVE-2021-43326 regression. |
| CVE-2021-43326 | 2021-12-15 | Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory. |
| CVE-2021-42945 | 2021-12-15 | A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. |
| CVE-2021-42220 | 2021-12-15 | A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. |
| CVE-2021-41560 | 2021-12-15 | OpenCATS through 0.9.6 allows remote attackers to execute arbitrary code by uploading an executable file via lib/FileUtility.php. |
| CVE-2021-40827 | 2021-12-15 | Clementine Music Player through 1.3.1 (when a GLib 2.0.0 DLL is used) is vulnerable to a Read Access Violation on Block Data Move, affecting the MP3 file parsing functionality at... |
| CVE-2021-40826 | 2021-12-15 | Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation, affecting the MP3 file parsing functionality at clementine+0x3aa207. The vulnerability is triggered when the user opens... |