CVE List - 2021 / November
Showing 1101 - 1200 of 1508 CVEs for November 2021 (Page 12 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-43017 | 2021-11-18 | Adobe Creative Cloud DLL Hijacking Local Application Denial of Service |
| CVE-2021-37322 | 2021-11-18 | GCC c++filt v2.26 was discovered to contain a use-after-free vulnerability via the component cplus-dem.c. |
| CVE-2021-41278 | 2021-11-18 | Broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors |
| CVE-2021-40129 | 2021-11-18 | Cisco Common Services Platform Collector SQL Injection Vulnerability |
| CVE-2021-40130 | 2021-11-18 | Cisco Common Services Platform Collector Improper Logging Restriction Vulnerability |
| CVE-2021-40131 | 2021-11-18 | Cisco Common Services Platform Collector Stored Cross-Site Scripting Vulnerability |
| CVE-2021-21898 | 2021-11-19 | A code execution vulnerability exists in the dwgCompressor::decompress18() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to an out-of-bounds write. An attacker can provide a malicious file... |
| CVE-2021-21899 | 2021-11-19 | A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious... |
| CVE-2021-21900 | 2021-11-19 | A code execution vulnerability exists in the dxfRW::processLType() functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dxf file can lead to a use-after-free vulnerability. An attacker can provide a malicious file... |
| CVE-2021-3974 | 2021-11-19 | Use After Free in vim/vim |
| CVE-2021-39921 | 2021-11-19 | NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-39922 | 2021-11-19 | Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-39924 | 2021-11-19 | Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-39925 | 2021-11-19 | Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-39926 | 2021-11-19 | Buffer overflow in the Bluetooth HCI_ISO dissector in Wireshark 3.4.0 to 3.4.9 allows denial of service via packet injection or crafted capture file |
| CVE-2021-39929 | 2021-11-19 | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-44026 | 2021-11-19 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |
| CVE-2021-44025 | 2021-11-19 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. |
| CVE-2021-44033 | 2021-11-19 | In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. |
| CVE-2021-42338 | 2021-11-19 | 4MOSAn GCB Doctor - Improper Authorization |
| CVE-2021-36372 | 2021-11-19 | Original block tokens are persisted and can be retrieved |
| CVE-2021-39231 | 2021-11-19 | Missing authentication/authorization on internal RPC endpoints |
| CVE-2021-39232 | 2021-11-19 | Missing admin check for SCM related admin commands |
| CVE-2021-39233 | 2021-11-19 | Container-related datanode operations can be called without authorization |
| CVE-2021-39234 | 2021-11-19 | Raw block data can be read bypassing ACL/authorization |
| CVE-2021-39235 | 2021-11-19 | Access mode of block tokens are not enforced |
| CVE-2021-39236 | 2021-11-19 | Owners of the S3 tokens are not validated |
| CVE-2021-41532 | 2021-11-19 | Unauthenticated access to Ozone Recon HTTP endpoints |
| CVE-2021-3976 | 2021-11-19 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-41436 | 2021-11-19 | An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF... |
| CVE-2021-41435 | 2021-11-19 | A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF... |
| CVE-2021-3973 | 2021-11-19 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-3968 | 2021-11-19 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-3963 | 2021-11-19 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-3961 | 2021-11-19 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it |
| CVE-2021-3957 | 2021-11-19 | Cross-Site Request Forgery (CSRF) in kevinpapst/kimai2 |
| CVE-2021-3950 | 2021-11-19 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk |
| CVE-2021-3920 | 2021-11-19 | Cross-site Scripting (XSS) - Stored in getgrav/grav-plugin-admin |
| CVE-2021-37592 | 2021-11-19 | Suricata before 5.0.8 and 6.x before 6.0.4 allows TCP evasion via a client with a crafted TCP/IP stack that can send a certain sequence of segments. |
| CVE-2021-39353 | 2021-11-19 | Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting |
| CVE-2021-42363 | 2021-11-19 | Preview E-Mails for WooCommerce <= 1.6.8 Reflected Cross-Site Scripting |
| CVE-2021-43409 | 2021-11-19 | WPO365 \| LOGIN - Wordpress Plugin Persistent Cross-Site Scripting |
| CVE-2021-43408 | 2021-11-19 | Duplicate Post WordPress Plugin SQL Injection Vulnerability |
| CVE-2021-33850 | 2021-11-19 | There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is... |
| CVE-2021-22053 | 2021-11-19 | Applications using both `spring-cloud-netflix-hystrix-dashboard` and `spring-boot-starter-thymeleaf` expose a way to execute code submitted within the request URI path during the resolution of view templates. When a request is made at... |
| CVE-2021-36003 | 2021-11-19 | Adobe Audition MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2021-22030 | 2021-11-19 | In versions of Greenplum database prior to 5.28.14 and 6.17.0, certain statements execution led to the storage of sensitive (credential) information in the logs of the database. A malicious user with... |
| CVE-2021-3962 | 2021-11-19 | A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially... |
| CVE-2021-22028 | 2021-11-19 | In versions of Greenplum database prior to 5.28.6 and 6.14.0, greenplum database contains a file path traversal vulnerability leading to information disclosure from the file system. A malicious user can... |
| CVE-2021-39923 | 2021-11-19 | Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
| CVE-2021-29323 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c. |
| CVE-2021-29324 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c. |
| CVE-2021-29325 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c. |
| CVE-2021-29326 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c. |
| CVE-2021-29327 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c. |
| CVE-2021-29328 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c. |
| CVE-2021-29329 | 2021-11-19 | OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c. |
| CVE-2021-44036 | 2021-11-19 | Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. |
| CVE-2021-44037 | 2021-11-19 | Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. |
| CVE-2021-41569 | 2021-11-19 | SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program,... |
| CVE-2021-42254 | 2021-11-19 | BeyondTrust Privilege Management prior to version 21.6 creates a Temporary File in a Directory with Insecure Permissions. |
| CVE-2021-22969 | 2021-11-19 | Concrete CMS (formerly concrete5) versions below 8.5.7 has a SSRF mitigation bypass using DNS Rebind attack giving an attacker the ability to fetch cloud IAAS (ex AWS) IAM keys. To fix... |
| CVE-2021-22970 | 2021-11-19 | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing causing the system to be vulnerable to a. SSRF attacks on the private LAN servers by... |
| CVE-2021-22966 | 2021-11-19 | Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that... |
| CVE-2021-22951 | 2021-11-19 | Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a... |
| CVE-2021-22965 | 2021-11-19 | A vulnerability in Pulse Connect Secure before 9.1R12.1 could allow an unauthenticated administrator to cause a denial of service when a malformed request is sent to the device. |
| CVE-2021-22967 | 2021-11-19 | In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to a Conversation. To remediate this, a check was added... |
| CVE-2021-22968 | 2021-11-19 | A bypass of adding remote files in Concrete CMS (previously concrete5) File Manager leads to remote code execution in Concrete CMS (concrete5) versions 8.5.6 and below. The external file upload feature... |
| CVE-2021-43555 | 2021-11-19 | mySCADA myDESIGNER |
| CVE-2021-36884 | 2021-11-19 | WordPress Backup Migration plugin <= 1.1.5 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-44038 | 2021-11-19 | An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to... |
| CVE-2021-26262 | 2021-11-19 | Philips MRI 1.5T and 3T Improper Access Control |
| CVE-2021-42744 | 2021-11-19 | Philips MRI 1.5T and 3T Information Exposure |
| CVE-2021-26248 | 2021-11-19 | Philips MRI 1.5T and 3T Incorrect Ownership Assignment |
| CVE-2021-40391 | 2021-11-19 | An out-of-bounds write vulnerability exists in the drill format T-code tool number functionality of Gerbv 2.7.0, dev (commit b5f1eacd), and the forked version of Gerbv (commit 71493260). A specially-crafted drill... |
| CVE-2021-23433 | 2021-11-19 | Prototype Pollution |
| CVE-2021-41280 | 2021-11-19 | OS command injection in Sharetribe Go |
| CVE-2021-39198 | 2021-11-19 | The disqualify lead action may be executed without CSRF token check |
| CVE-2021-34358 | 2021-11-20 | CSRF Vulnerability in QmailAgent |
| CVE-2021-38681 | 2021-11-20 | Reflected XSS Vulnerability in Ragic Cloud DB |
| CVE-2021-36306 | 2021-11-20 | Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions... |
| CVE-2021-36307 | 2021-11-20 | Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit... |
| CVE-2021-36308 | 2021-11-20 | Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform... |
| CVE-2021-36310 | 2021-11-20 | Dell Networking OS10, versions 10.4.3.x, 10.5.0.x, 10.5.1.x & 10.5.2.x, contain an uncontrolled resource consumption flaw in its API service. A high-privileged API user may potentially exploit this vulnerability, leading to... |
| CVE-2021-36319 | 2021-11-20 | Dell Networking OS10 versions 10.4.3.x, 10.5.0.x and 10.5.1.x contain an information exposure vulnerability. A low privileged authenticated malicious user can gain access to SNMP authentication failure messages. |
| CVE-2021-36320 | 2021-11-20 | Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially hijack a session and access the webserver by forging the session... |
| CVE-2021-36321 | 2021-11-20 | Dell Networking X-Series firmware versions prior to 3.0.1.8 contain an improper input validation vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by sending specially crafted data to trigger... |
| CVE-2021-36322 | 2021-11-20 | Dell Networking X-Series firmware versions prior to 3.0.1.8 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary host header values to... |
| CVE-2021-36340 | 2021-11-20 | Dell EMC SCG 5.00.00.10 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it. |
| CVE-2021-1088 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to utilize debug mechanisms with insufficient access control, which may... |
| CVE-2021-1105 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to access debug registers during runtime, which may lead to... |
| CVE-2021-1125 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to corrupt program data. |
| CVE-2021-23201 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in an internal microcontroller, which may allow a user with elevated privileges to generate valid microcode by identifying, exploiting, and loading vulnerable... |
| CVE-2021-23217 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to instantiate a DMA write operation only within a specific... |
| CVE-2021-23219 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller, which may allow a user with elevated privileges to access protected information by identifying, exploiting, and loading vulnerable... |
| CVE-2021-34399 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed registers, which may... |
| CVE-2021-34400 | 2021-11-20 | NVIDIA GPU and Tegra hardware contain a vulnerability in the internal microcontroller which may allow a user with elevated privileges to gain access to information from unscrubbed memory, which may... |
| CVE-2021-28710 | 2021-11-21 | certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address translation control structures (page tables) may (and, on suitable hardware, by default will) be shared... |
| CVE-2021-44079 | 2021-11-22 | In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. |
| CVE-2021-33488 | 2021-11-22 | chat in OX App Suite 7.10.5 has Improper Input Validation. A user can be redirected to a rogue OX Chat server via a development-related hook. |