CVE List - 2021 / November
Showing 1201 - 1300 of 1508 CVEs for November 2021 (Page 13 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-33489 | 2021-11-22 | OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. |
| CVE-2021-33490 | 2021-11-22 | OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. |
| CVE-2021-33491 | 2021-11-22 | OX App Suite through 7.10.5 allows Directory Traversal via ../ in an OOXML or ODF ZIP archive, because of the mishandling of relative paths in mail addresses in conjunction with... |
| CVE-2021-33492 | 2021-11-22 | OX App Suite 7.10.5 allows XSS via an OX Chat room name. |
| CVE-2021-33493 | 2021-11-22 | The middleware component in OX App Suite through 7.10.5 allows Code Injection via Java classes in a YAML format. |
| CVE-2021-43557 | 2021-11-22 | Path traversal in request_uri variable |
| CVE-2021-33494 | 2021-11-22 | OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. |
| CVE-2021-33495 | 2021-11-22 | OX App Suite 7.10.5 allows XSS via an OX Chat system message. |
| CVE-2021-38146 | 2021-11-22 | The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data. |
| CVE-2021-38374 | 2021-11-22 | OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. |
| CVE-2021-38375 | 2021-11-22 | OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. |
| CVE-2021-38376 | 2021-11-22 | OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call. |
| CVE-2021-38377 | 2021-11-22 | OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results. |
| CVE-2021-38378 | 2021-11-22 | OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's name. |
| CVE-2021-43581 | 2021-11-22 | An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use... |
| CVE-2021-43582 | 2021-11-22 | A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue... |
| CVE-2021-26614 | 2021-11-22 | IpTime C200 IP camera remote code execution vulnerability |
| CVE-2020-7882 | 2021-11-22 | anySign directory traversal vulnerability |
| CVE-2021-40770 | 2021-11-22 | Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40771 | 2021-11-22 | Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40772 | 2021-11-22 | Adobe Prelude M4A File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-40773 | 2021-11-22 | Adobe Prelude NULL Pointer Dereference Application Denial of Service |
| CVE-2021-40774 | 2021-11-22 | Adobe Prelude NULL Pointer Dereference Application Denial of Service |
| CVE-2021-40775 | 2021-11-22 | Adobe Prelude SVG File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-42733 | 2021-11-22 | Adobe Bridge NULL Pointer Dereference could lead to Application denial-of-service |
| CVE-2021-42737 | 2021-11-22 | Adobe Prelude WAV File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-42738 | 2021-11-22 | Adobe Prelude MXF File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-43015 | 2021-11-22 | Adobe InCopy GIF File Parsing Memory Corruption Arbitrary Code Execution |
| CVE-2021-43016 | 2021-11-22 | Adobe InCopy NULL Pointer Dereference Application Denial of Service |
| CVE-2021-42727 | 2021-11-22 | Adobe Bridge Buffer Overflow Arbitrary code execution |
| CVE-2021-3935 | 2021-11-22 | When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and... |
| CVE-2021-3943 | 2021-11-22 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files... |
| CVE-2021-43558 | 2021-11-22 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool... |
| CVE-2021-43559 | 2021-11-22 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the... |
| CVE-2021-43560 | 2021-11-22 | A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other... |
| CVE-2019-5640 | 2021-11-22 | Rapid7 Nexpose Information Disclosure after logout |
| CVE-2021-23718 | 2021-11-22 | Server-side Request Forgery (SSRF) |
| CVE-2021-23732 | 2021-11-22 | Arbitrary Code Execution |
| CVE-2021-23673 | 2021-11-22 | Cross-site Scripting (XSS) |
| CVE-2021-38448 | 2021-11-22 | Trane Symbio Improper Control of Generation of Code |
| CVE-2021-42707 | 2021-11-22 | WECON PLC Editor |
| CVE-2021-42705 | 2021-11-22 | WECON PLC Editor |
| CVE-2021-44143 | 2021-11-22 | A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks... |
| CVE-2021-44144 | 2021-11-22 | Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. |
| CVE-2021-32004 | 2021-11-22 | GateManager does not enforce strict hostname matching for WEB server |
| CVE-2021-44147 | 2021-11-22 | An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform... |
| CVE-2021-44150 | 2021-11-22 | The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. |
| CVE-2020-22719 | 2021-11-22 | Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field. |
| CVE-2021-40828 | 2021-11-22 | TLS hostname validation issues within AWS IoT Device SDKs on Windows |
| CVE-2021-40829 | 2021-11-22 | TLS hostname validation issues within AWS IoT Device SDKs on macOS |
| CVE-2021-40830 | 2021-11-22 | Inconsistent CA override function behavior within AWS IoT Device SDKs on Unix systems |
| CVE-2021-40831 | 2021-11-22 | Missing SNI validation and inconsistent CA override function behavior within AWS IoT Device SDKs on Apple devices |
| CVE-2021-3672 | 2021-11-23 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which... |
| CVE-2021-20601 | 2021-11-23 | Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT... |
| CVE-2021-39976 | 2021-11-23 | There is a privilege escalation vulnerability in CloudEngine 5800 V200R020C00SPC600. Due to lack of privilege restrictions, an authenticated local attacker can perform a specific operation to exploit this vulnerability. Successful exploitation... |
| CVE-2021-22410 | 2021-11-23 | There is an XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after... |
| CVE-2021-37036 | 2021-11-23 | There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the... |
| CVE-2021-37102 | 2021-11-23 | There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input... |
| CVE-2021-22356 | 2021-11-23 | There is a weak secure algorithm vulnerability in Huawei products. A weak secure algorithm is used in a module. Attackers can exploit this vulnerability by capturing and analyzing the messages... |
| CVE-2021-37029 | 2021-11-23 | There is an Identity verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-37030 | 2021-11-23 | There is an Improper permission vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-37031 | 2021-11-23 | There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. |
| CVE-2021-37032 | 2021-11-23 | There is a Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Digital Balance to fail to work. |
| CVE-2021-37033 | 2021-11-23 | There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-37034 | 2021-11-23 | There is an Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-37035 | 2021-11-23 | There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly. |
| CVE-2021-37009 | 2021-11-23 | There is a Configuration vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected. |
| CVE-2021-37007 | 2021-11-23 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37016 | 2021-11-23 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. |
| CVE-2021-37008 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37015 | 2021-11-23 | There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37003 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37019 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37026 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37017 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37005 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37018 | 2021-11-23 | There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37012 | 2021-11-23 | There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37004 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37025 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37024 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause kernel crash. |
| CVE-2021-37023 | 2021-11-23 | There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause media files which can be reads and writes in non-distributed directories on any device... |
| CVE-2021-37022 | 2021-11-23 | There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause root permission which can be escalated. |
| CVE-2021-37010 | 2021-11-23 | There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected. |
| CVE-2021-37006 | 2021-11-23 | There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected. |
| CVE-2021-37013 | 2021-11-23 | There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the availability of users to be affected. |
| CVE-2021-35052 | 2021-11-23 | A component in Kaspersky Password Manager could allow an attacker to elevate a process Integrity level from Medium to High. |
| CVE-2021-43019 | 2021-11-23 | Adobe Creative Cloud Incorrect Permission Assignment Privilege Escalation Vulnerability |
| CVE-2021-43775 | 2021-11-23 | Arbitrary file reading vulnerability in Aim |
| CVE-2021-41281 | 2021-11-23 | Path traversal in Matrix Synapse |
| CVE-2021-38875 | 2021-11-23 | IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force... |
| CVE-2021-38890 | 2021-11-23 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507. |
| CVE-2021-38891 | 2021-11-23 | IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508. |
| CVE-2021-38980 | 2021-11-23 | IBM Tivoli Key Lifecycle Manager (IBM Security Guardium Key Lifecycle Manager) 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error... |
| CVE-2021-24641 | 2021-11-23 | Images to WebP < 1.9 - Multiple Cross Site Request Forgery (CSRF) |
| CVE-2021-24644 | 2021-11-23 | Images to WebP < 1.9 - Authenticated Local File Inclusion |
| CVE-2021-24668 | 2021-11-23 | MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF |
| CVE-2021-24700 | 2021-11-23 | Forminator < 1.15.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24703 | 2021-11-23 | Download Plugin < 1.6.1 - Subscriber+ Arbitrary Plugin Activation |
| CVE-2021-24713 | 2021-11-23 | Video Lessons Manager - Admin+ Stored Cross-Site Scripting |