CVE List - 2021 / November
Showing 1 - 100 of 1508 CVEs for November 2021 (Page 1 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-42694 | 2021-11-01 | An issue was discovered in the character definitions of the Unicode Specification through 14.0. The specification allows an adversary to produce source code identifiers such as function names using homoglyphs... |
| CVE-2021-42917 | 2021-11-01 | Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream. |
| CVE-2021-20838 | 2021-11-01 | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service... |
| CVE-2021-20839 | 2021-11-01 | Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service... |
| CVE-2021-41313 | 2021-11-01 | Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The... |
| CVE-2021-40348 | 2021-11-01 | Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run... |
| CVE-2021-41973 | 2021-11-01 | Apache MINA HTTP listener DOS |
| CVE-2015-10001 | 2021-11-01 | WP-Stats < 2.5.2 - CSRF to Stored Cross-Site Scripting (XSS) |
| CVE-2015-20019 | 2021-11-01 | Content text slider on post < 6.9 - Authenticated Stored Cross-Site Scripting (XSS) |
| CVE-2015-20067 | 2021-11-01 | WP Attachment Export < 0.2.4 - Unauthenticated Posts Download |
| CVE-2018-25019 | 2021-11-01 | LearnDash < 2.5.4 - Unauthenticated Arbitrary File Upload |
| CVE-2020-36503 | 2021-11-01 | Connections Business Directory < 9.7 - Admin+ CSV Injection |
| CVE-2020-36504 | 2021-11-01 | WP-Pro-Quiz <= 0.37 - Arbitrary Quiz Deletion via CSRF |
| CVE-2020-36505 | 2021-11-01 | Delete All Comments Easily <= 1.3 - All Comments Deletion via CSRF |
| CVE-2021-24539 | 2021-11-01 | Coming Soon, Under Construction & Maintenance Mode By Dazzler < 1.6.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24570 | 2021-11-01 | Paypal Donation < 1.3.1 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24572 | 2021-11-01 | Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion |
| CVE-2021-24624 | 2021-11-01 | MP3 Audio Player for Music, Radio & Podcast by Sonaar < 2.4.2 - Multiple Admin+ Cross Site Scripting |
| CVE-2021-24682 | 2021-11-01 | Cool Tag Cloud < 2.26 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24685 | 2021-11-01 | Flat Preloader < 1.5.4 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24715 | 2021-11-01 | WP Sitemap Page < 1.7.0 - Admin+ Stored Cross Site Scripting |
| CVE-2021-24716 | 2021-11-01 | Modern Events Calendar Lite < 5.22.3 - Authenticated Stored Cross Site Scripting |
| CVE-2021-24717 | 2021-11-01 | AutomatorWP < 1.7.6 - Missing Authorization and Privilege Escalation |
| CVE-2021-24722 | 2021-11-01 | Restaurant Menu by MotoPress < 2.4.2 - Admin+ Stored Cross Site Scripting |
| CVE-2021-24723 | 2021-11-01 | WP Reactions Lite < 1.3.6 - Authenticated Stored Cross Site Scripting |
| CVE-2021-24742 | 2021-11-01 | Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update |
| CVE-2021-24757 | 2021-11-01 | Stylish Price List < 6.9.0 - Unauthenticated Arbitrary Image Upload |
| CVE-2021-24770 | 2021-11-01 | Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload |
| CVE-2021-24773 | 2021-11-01 | WordPress Download Manager < 3.2.16 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24781 | 2021-11-01 | Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change |
| CVE-2021-24789 | 2021-11-01 | Flat Preloader < 1.5.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24793 | 2021-11-01 | WPeMatico RSS Feed Fetcher < 2.6.12 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24794 | 2021-11-01 | Connections Business Directory < 10.4.3 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24799 | 2021-11-01 | Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF |
| CVE-2021-24808 | 2021-11-01 | BP Better Messages < 1.9.9.41 - Reflected Cross-Site Scripting |
| CVE-2021-24809 | 2021-11-01 | BP Better Messages < 1.9.9.41 - Multiple CSRF |
| CVE-2021-24813 | 2021-11-01 | Events Made Easy < 2.2.24 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-27644 | 2021-11-01 | DolphinScheduler mysql jdbc connector parameters deserialize remote code execution |
| CVE-2021-42557 | 2021-11-01 | In Jeedom through 4.1.19, a bug allows a remote attacker to bypass API access and retrieve users credentials. |
| CVE-2021-25874 | 2021-11-01 | AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior is affected by a SQL Injection SQL injection in the catName parameter which allows a remote unauthenticated attacker to retrieve databases information such as application... |
| CVE-2021-25875 | 2021-11-01 | AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as... |
| CVE-2021-25876 | 2021-11-01 | AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an... |
| CVE-2021-25877 | 2021-11-01 | AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. |
| CVE-2021-25878 | 2021-11-01 | AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions... |
| CVE-2021-27004 | 2021-11-01 | System Manager 9.x versions 9.7 and higher prior to 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow a local attacker to discover plaintext iSCSI CHAP credentials. |
| CVE-2021-22563 | 2021-11-01 | Memory Overread in libjxl |
| CVE-2021-22564 | 2021-11-01 | Out of bounds Copy in Libjxl in large image groups |
| CVE-2021-3440 | 2021-11-01 | HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege. |
| CVE-2021-3704 | 2021-11-01 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device. |
| CVE-2021-27005 | 2021-11-01 | Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of... |
| CVE-2021-29213 | 2021-11-01 | A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior... |
| CVE-2021-29212 | 2021-11-01 | A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an... |
| CVE-2021-3705 | 2021-11-01 | Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. |
| CVE-2020-28702 | 2021-11-01 | A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. |
| CVE-2021-38847 | 2021-11-01 | S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via... |
| CVE-2021-26739 | 2021-11-01 | SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter. |
| CVE-2021-26740 | 2021-11-01 | Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code. |
| CVE-2021-31849 | 2021-11-01 | Data Loss Prevention (DLP) ePO extension - SQL injection |
| CVE-2021-31848 | 2021-11-01 | Data Loss Prevention (DLP) ePO extension - Cross site scripting (XSS) |
| CVE-2021-20136 | 2021-11-01 | ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to... |
| CVE-2021-39346 | 2021-11-01 | Google Maps Easy <= 1.9.33 Authenticated Stored Cross-Site Scripting |
| CVE-2021-38356 | 2021-11-01 | NextScripts: Social Networks Auto-Poster <= 4.3.20 Reflected Cross-Site Scripting |
| CVE-2021-39333 | 2021-11-01 | Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion |
| CVE-2021-39340 | 2021-11-01 | Notification – Custom Notifications and Alerts for WordPress <= 7.2.4 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39341 | 2021-11-01 | OptinMonster <= 2.6.4 Unprotected REST-API Endpoints |
| CVE-2021-43058 | 2021-11-01 | An open redirect vulnerability exists in Replicated Classic versions prior to 2.53.1 that could lead to spoofing. To exploit this vulnerability, an attacker could send a link that has a... |
| CVE-2021-41187 | 2021-11-01 | SQL Injection in DHIS2 Tracker API |
| CVE-2021-41310 | 2021-11-01 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature... |
| CVE-2021-33593 | 2021-11-02 | Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing. |
| CVE-2021-25973 | 2021-11-02 | Publify - Improper Authorization Leads to Guest Signup Restriction Bypass |
| CVE-2021-3765 | 2021-11-02 | Inefficient Regular Expression Complexity in validatorjs/validator.js |
| CVE-2021-36560 | 2021-11-02 | Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. |
| CVE-2021-33611 | 2021-11-02 | Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14 |
| CVE-2020-27406 | 2021-11-02 | Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname. |
| CVE-2020-35249 | 2021-11-02 | Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature. |
| CVE-2021-27722 | 2021-11-02 | An issue was discovered in Nsasoft US LLC SpotAuditor 5.3.5. The program can be crashed by entering 300 bytes char data into the "Key" or "Name" field while registering. |
| CVE-2021-37842 | 2021-11-02 | metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase... |
| CVE-2021-42763 | 2021-11-02 | Couchbase Server before 6.6.3 and 7.x before 7.0.2 stores Sensitive Information in Cleartext. The issue occurs when the cluster manager forwards a HTTP request from the pluggable UI (query workbench... |
| CVE-2021-36922 | 2021-11-02 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution,... |
| CVE-2021-36923 | 2021-11-02 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation... |
| CVE-2021-36924 | 2021-11-02 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code... |
| CVE-2021-36925 | 2021-11-02 | RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of... |
| CVE-2021-42568 | 2021-11-02 | Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privileged account. |
| CVE-2021-36794 | 2021-11-02 | In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process. |
| CVE-2021-29737 | 2021-11-02 | IBM InfoSphere Data Flow Designer Engine (IBM InfoSphere Information Server 11.7 ) component has improper validation of the REST API server certificate. IBM X-Force ID: 201301. |
| CVE-2021-29738 | 2021-11-02 | IBM InfoSphere Data Flow Designer (IBM InfoSphere Information Server 11.7 ) is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the... |
| CVE-2021-29771 | 2021-11-02 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29875 | 2021-11-02 | IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information due to a insecure third party domain access vulnerability. IBM X-Force ID: 206572. |
| CVE-2021-29888 | 2021-11-02 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.... |
| CVE-2021-38948 | 2021-11-02 | IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information... |
| CVE-2021-36181 | 2021-11-02 | A concurrent execution using shared resource with improper Synchronization vulnerability ('Race Condition') in the customer database interface of FortiPortal before 6.0.6 may allow an authenticated, low-privilege user to bring the... |
| CVE-2021-36172 | 2021-11-02 | An improper restriction of XML external entity reference vulnerability in the parser of XML responses of FortiPortal before 6.0.6 may allow an attacker who controls the producer of XML reports... |
| CVE-2021-41019 | 2021-11-02 | An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading... |
| CVE-2020-18438 | 2021-11-02 | Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php. |
| CVE-2020-18439 | 2021-11-02 | An issue was discoverered in in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1, allows attackers to write arbitrary files or get a shell. |
| CVE-2020-18440 | 2021-11-02 | Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code. |
| CVE-2020-20657 | 2021-11-02 | Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect. |
| CVE-2020-20658 | 2021-11-02 | Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denail of service when trying to calloc an unexpectiedly large space. |
| CVE-2020-21572 | 2021-11-02 | Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759, allows attackers to cause a denial of service. |
| CVE-2020-21573 | 2021-11-02 | An issue was discoverered in in abhijitnathwani image-processing v0.1.0, allows local attackers to cause a denial of service via a crafted image file. |