CVE List - 2021 / November
Showing 901 - 1000 of 1508 CVEs for November 2021 (Page 10 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-26338 | 2021-11-16 | Improper access controls in System Management Unit (SMU) may allow for an attacker to override performance control tables located in DRAM resulting in a potential lack of system resources. |
| CVE-2021-26312 | 2021-11-16 | Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to... |
| CVE-2021-26329 | 2021-11-16 | AMD System Management Unit (SMU) may experience an integer overflow when an invalid length is provided which may result in a potential loss of resources. |
| CVE-2021-26322 | 2021-11-16 | Persistent platform private key may not be protected with a random IV leading to a potential “two time pad attack”. |
| CVE-2020-12946 | 2021-11-16 | Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service. |
| CVE-2021-26336 | 2021-11-16 | Insufficient bounds checking in System Management Unit (SMU) may cause invalid memory accesses/updates that could result in SMU hang and subsequent failure to service any further requests from other components. |
| CVE-2021-41252 | 2021-11-16 | Cross-site scripting (XSS) from writer field content in the site frontend |
| CVE-2021-26320 | 2021-11-16 | Insufficient validation of the AMD SEV Signing Key (ASK) in the SEND_START command in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of... |
| CVE-2021-41258 | 2021-11-16 | Cross-site scripting (XSS) from image block content in the site frontend |
| CVE-2020-12951 | 2021-11-16 | Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations. |
| CVE-2020-21639 | 2021-11-16 | Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2020-21627 | 2021-11-16 | Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. |
| CVE-2021-26321 | 2021-11-16 | Insufficient ID command validation in the SEV Firmware may allow a local authenticated attacker to perform a denial of service of the PSP. |
| CVE-2021-26335 | 2021-11-16 | Improper input and range checking in the AMD Secure Processor (ASP) boot loader image header may allow an attacker to use attacker-controlled values prior to signature validation potentially resulting in... |
| CVE-2021-26331 | 2021-11-16 | AMD System Management Unit (SMU) contains a potential issue where a malicious user may be able to manipulate mailbox entries leading to arbitrary code execution. |
| CVE-2020-12954 | 2021-11-16 | A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification. |
| CVE-2021-26315 | 2021-11-16 | When the AMD Platform Security Processor (PSP) boot rom loads, authenticates, and subsequently decrypts an encrypted FW, due to insufficient verification of the integrity of decrypted image, arbitrary code may... |
| CVE-2020-12961 | 2021-11-16 | A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing... |
| CVE-2021-26323 | 2021-11-16 | Failure to validate SEV Commands while SNP is active may result in a potential impact to memory integrity. |
| CVE-2020-12944 | 2021-11-16 | Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution. |
| CVE-2021-26327 | 2021-11-16 | Insufficient validation of guest context in the SNP Firmware could lead to a potential loss of guest confidentiality. |
| CVE-2021-26330 | 2021-11-16 | AMD System Management Unit (SMU) may experience a heap-based overflow which may result in a loss of resources. |
| CVE-2021-26325 | 2021-11-16 | Insufficient input validation in the SNP_GUEST_REQUEST command may lead to a potential data abort error and a denial of service. |
| CVE-2021-26337 | 2021-11-16 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA read from invalid DRAM address to SRAM resulting in SMU not servicing further requests. |
| CVE-2021-42726 | 2021-11-16 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution |
| CVE-2021-43013 | 2021-11-16 | Adobe Media Encoder memory corruption vulnerability could lead to remote code execution |
| CVE-2021-42721 | 2021-11-16 | Adobe Bridge Use After Free could lead to Arbitrary code execution |
| CVE-2021-42723 | 2021-11-16 | Adobe Bridge Out-of-bounds read could lead to Arbitrary Code Execution |
| CVE-2021-42731 | 2021-11-16 | Adobe Indesign Buffer Overflow Could Lead to Remote Code Execution |
| CVE-2021-42725 | 2021-11-16 | Adobe Bridge Memory Corruption could lead to Arbitrary code execution |
| CVE-2021-43012 | 2021-11-16 | Adobe Prelude M4A file memory corruption vulnerability could lead to remote code execution |
| CVE-2021-43011 | 2021-11-16 | Adobe Prelude M4A file memory corruption vulnerability could lead to remote code execution |
| CVE-2021-33479 | 2021-11-17 | A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c. |
| CVE-2021-33480 | 2021-11-17 | A use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c. |
| CVE-2021-33481 | 2021-11-17 | A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. |
| CVE-2021-41164 | 2021-11-17 | Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML |
| CVE-2021-43976 | 2021-11-17 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
| CVE-2021-43997 | 2021-11-17 | FreeRTOS versions 10.2.0 through 10.4.5 do not prevent non-kernel code from calling the xPortRaisePrivilege internal function to raise privilege. FreeRTOS versions through 10.4.6 do not prevent a third party that... |
| CVE-2021-3939 | 2021-11-17 | Free of static data in accountsservice |
| CVE-2021-43337 | 2021-11-17 | SchedMD Slurm 21.08.* before 21.08.4 has Incorrect Access Control. On sites using the new AccountingStoreFlags=job_script and/or job_env options, the access control rules in SlurmDBD may permit users to request job... |
| CVE-2021-24598 | 2021-11-17 | Testimonial Builder < 1.6.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24758 | 2021-11-17 | Email Log < 2.4.7 - Admin+ SQL Injection |
| CVE-2021-24772 | 2021-11-17 | Stream < 3.8.2 - Admin+ SQL Injection |
| CVE-2021-24776 | 2021-11-17 | WP Performance Score Booster < 2.1 - Settings Change via CSRF |
| CVE-2021-24787 | 2021-11-17 | Client Invoicing by Sprout Invoices < 19.9.7 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24796 | 2021-11-17 | My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24802 | 2021-11-17 | Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF |
| CVE-2021-24804 | 2021-11-17 | Simple JWT Login < 3.2.1 - Arbitrary Settings Update to Site Takeover via CSRF |
| CVE-2021-24815 | 2021-11-17 | Paypal Donation < 1.3.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24833 | 2021-11-17 | YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Preview Module |
| CVE-2021-24834 | 2021-11-17 | YOP Poll < 6.3.1 - Author+ Stored Cross-Site Scripting via Options Module |
| CVE-2021-24841 | 2021-11-17 | Helpful < 4.4.59 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24847 | 2021-11-17 | SEO Redirection < 8.2 - Subscriber+ SQL Injection |
| CVE-2021-24850 | 2021-11-17 | Insert Pages < 3.7.0 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24851 | 2021-11-17 | Insert Pages < 3.7.0 - Contributor+ Arbitrary Posts/Pages Access |
| CVE-2021-24852 | 2021-11-17 | MouseWheel Smooth Scroll < 5.7 - Plugin's Setting Update via CSRF |
| CVE-2021-24853 | 2021-11-17 | QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update |
| CVE-2021-24854 | 2021-11-17 | QR Redirector < 1.6.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24856 | 2021-11-17 | Shared Files < 1.6.61 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-41931 | 2021-11-17 | The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923... |
| CVE-2021-32600 | 2021-11-17 | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS CLI 7.0.0, 6.4.0 through 6.4.6, 6.2.0 through 6.2.9, 6.0.x and 5.6.x may allow a local and authenticated user... |
| CVE-2021-42956 | 2021-11-17 | Zoho Remote Access Plus Server Windows Desktop Binary fixed in 10.1.2132.6 is affected by a sensitive information disclosure vulnerability. Due to improper privilege management, the process launches as the logged... |
| CVE-2021-42954 | 2021-11-17 | Zoho Remote Access Plus Server Windows Desktop Binary fixed from 10.1.2121.1 is affected by incorrect access control. The installation directory is vulnerable to weak file permissions by allowing full control... |
| CVE-2021-42955 | 2021-11-17 | Zoho Remote Access Plus Server Windows Desktop binary fixed in version 10.1.2132 is affected by an unauthorized password reset vulnerability. Because of the designed password reset mechanism, any non-admin Windows... |
| CVE-2021-29860 | 2021-11-17 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the libc.a library to expose sensitive information. IBM X-Force ID: 206084. |
| CVE-2021-29861 | 2021-11-17 | IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in EFS to expose sensitive information. IBM X-Force ID: 206085. |
| CVE-2021-38959 | 2021-11-17 | IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected... |
| CVE-2021-42250 | 2021-11-17 | Possible log injection |
| CVE-2021-40745 | 2021-11-17 | Adobe Campaign Path Traversal Leads to Information Exposure |
| CVE-2021-43975 | 2021-11-17 | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
| CVE-2021-32234 | 2021-11-17 | SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows remote code execution. |
| CVE-2021-43977 | 2021-11-17 | SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. |
| CVE-2021-42362 | 2021-11-17 | WordPress Popular Posts <= 5.3.2 Authenticated Arbitrary File Upload |
| CVE-2021-42360 | 2021-11-17 | Starter Templates — Elementor, Gutenberg & Beaver Builder Templates <= 2.7.0 Authenticated Block Import to Stored XSS |
| CVE-2021-35528 | 2021-11-17 | Authentication Bypass Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB) |
| CVE-2021-43551 | 2021-11-17 | OSIsoft PI Vision |
| CVE-2021-43553 | 2021-11-17 | OSIsoft PI Vision |
| CVE-2021-43979 | 2021-11-17 | Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data... |
| CVE-2021-42361 | 2021-11-17 | Contact Form Email <= 1.3.24 Authenticated Stored Cross-Site Scripting |
| CVE-2021-33106 | 2021-11-17 | Integer overflow in the Safestring library maintained by Intel(R) may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-33088 | 2021-11-17 | Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit Integrated Sensor Hub driver pack before version 5.4.1.4449 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33091 | 2021-11-17 | Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit audio driver pack before version 1.3 may allow an authenticated user to potentially enable escalation of privilege... |
| CVE-2021-33092 | 2021-11-17 | Incorrect default permissions in the installer for the Intel(R) NUC M15 Laptop Kit HID Event Filter driver pack before version 2.2.1.383 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33093 | 2021-11-17 | Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Serial IO driver pack before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation of... |
| CVE-2021-33094 | 2021-11-17 | Insecure inherited permissions in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33095 | 2021-11-17 | Unquoted search path in the installer for the Intel(R) NUC M15 Laptop Kit Keyboard LED Service driver pack before version 1.0.0.4 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33087 | 2021-11-17 | Improper authentication in the installer for the Intel(R) NUC M15 Laptop Kit Management Engine driver pack before version 15.0.10.1508 may allow an authenticated user to potentially enable denial of service... |
| CVE-2021-0096 | 2021-11-17 | Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33089 | 2021-11-17 | Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable... |
| CVE-2021-33090 | 2021-11-17 | Incorrect default permissions in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC10i3FN, NUC10i5FN, NUC10i7FN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33086 | 2021-11-17 | Out-of-bounds write in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable denial of service via local access. |
| CVE-2021-0121 | 2021-11-17 | Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow an authenticated user to potentially enable escalation of... |
| CVE-2021-0120 | 2021-11-17 | Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local... |
| CVE-2021-33097 | 2021-11-17 | Time-of-check time-of-use vulnerability in the Crypto API Toolkit for Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via network access. |
| CVE-2021-33071 | 2021-11-17 | Incorrect default permissions in the installer for the Intel(R) oneAPI Rendering Toolkit before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| CVE-2021-0157 | 2021-11-17 | Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-0158 | 2021-11-17 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. |
| CVE-2021-33118 | 2021-11-17 | Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R) NUC 11 Gen before version 30.100.2104.1 may allow an authenticated user to potentially enable escalation... |
| CVE-2021-33063 | 2021-11-17 | Uncontrolled search path in the Intel(R) RealSense(TM) D400 Series UWP driver for Windows 10 before version 6.1.160.22 may allow an authenticated user to potentially enable escalation of privilege via local... |
| CVE-2021-33062 | 2021-11-17 | Incorrect default permissions in the software installer for the Intel(R) VTune(TM) Profiler before version 2021.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. |