CVE List - 2021 / November
Showing 1301 - 1400 of 1508 CVEs for November 2021 (Page 14 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24713 | 2021-11-23 | Video Lessons Manager - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24729 | 2021-11-23 | Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting |
| CVE-2021-24812 | 2021-11-23 | BetterLinks < 1.2.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24830 | 2021-11-23 | Advanced Access Manager < 6.8.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24873 | 2021-11-23 | Tutor LMS < 1.9.11 - Reflected Cross-Site Scripting |
| CVE-2021-24875 | 2021-11-23 | eCommerce Product Catalog for WordPress < 3.0.39 - Reflected Cross-Site Scripting |
| CVE-2021-24877 | 2021-11-23 | MainWP Child < 4.1.8 - Admin+ SQL Injection |
| CVE-2021-24882 | 2021-11-23 | Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24888 | 2021-11-23 | ImageBoss < 3.0.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24891 | 2021-11-23 | Elementor < 3.4.8 - DOM Cross-Site-Scripting |
| CVE-2021-24892 | 2021-11-23 | Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR |
| CVE-2021-24894 | 2021-11-23 | Reviews Plus < 1.2.14 - Subscriber+ Reviews DoS |
| CVE-2021-31852 | 2021-11-23 | Cross-Site Scripting vulnerability in Policy Auditor |
| CVE-2021-31851 | 2021-11-23 | Cross-Site Scripting vulnerability in Policy Auditor |
| CVE-2021-25986 | 2021-11-23 | Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section |
| CVE-2021-21561 | 2021-11-23 | Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure... |
| CVE-2021-36299 | 2021-11-23 | Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00... |
| CVE-2021-36300 | 2021-11-23 | iDRAC9 versions prior to 5.00.00.00 contain an improper input validation... |
| CVE-2021-36301 | 2021-11-23 | Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8... |
| CVE-2021-36311 | 2021-11-23 | Dell EMC Networker versions prior to 19.5 contain an Improper... |
| CVE-2021-36312 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a... |
| CVE-2021-36313 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain an... |
| CVE-2021-36314 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain an... |
| CVE-2021-36332 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a... |
| CVE-2021-36333 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a... |
| CVE-2021-36334 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain a... |
| CVE-2021-36335 | 2021-11-23 | Dell EMC CloudLink 7.1 and all prior versions contain an... |
| CVE-2021-35033 | 2021-11-23 | A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20,... |
| CVE-2021-37997 | 2021-11-23 | Use after free in Sign-In in Google Chrome prior to... |
| CVE-2021-37998 | 2021-11-23 | Use after free in Garbage Collection in Google Chrome prior... |
| CVE-2021-37999 | 2021-11-23 | Insufficient data validation in New Tab Page in Google Chrome... |
| CVE-2021-38000 | 2021-11-23 | Insufficient validation of untrusted input in Intents in Google Chrome... |
| CVE-2021-38001 | 2021-11-23 | Type confusion in V8 in Google Chrome prior to 95.0.4638.69... |
| CVE-2021-38002 | 2021-11-23 | Use after free in Web Transport in Google Chrome prior... |
| CVE-2021-38003 | 2021-11-23 | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69... |
| CVE-2021-38004 | 2021-11-23 | Insufficient policy enforcement in Autofill in Google Chrome prior to... |
| CVE-2021-42785 | 2021-11-23 | Buffer Overflow in tvnviewer.exe via Crafted Packet in TightVNC Viewer 2.8.59 |
| CVE-2021-42784 | 2021-11-23 | OS Command Injection in debug_fcgi in D-Link DWR-932C E1 Firmware 1.0.0.4 |
| CVE-2021-42783 | 2021-11-23 | Missing Authentication in debug_post_set.cgi in D-Link DWR-932C E1 Firmware 1.0.0.4 |
| CVE-2021-43777 | 2021-11-23 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) |
| CVE-2021-41192 | 2021-11-23 | Insecure default configuration |
| CVE-2021-43780 | 2021-11-23 | Server-Side Request Forgery (SSRF) in Redash |
| CVE-2021-28704 | 2021-11-24 | PoD operations on misaligned GFNs T[his CNA information record relates... |
| CVE-2021-28705 | 2021-11-24 | issues with partially successful P2M updates on x86 T[his CNA... |
| CVE-2021-28706 | 2021-11-24 | guests may exceed their designated memory limit When a guest... |
| CVE-2021-28707 | 2021-11-24 | PoD operations on misaligned GFNs T[his CNA information record relates... |
| CVE-2021-28708 | 2021-11-24 | PoD operations on misaligned GFNs T[his CNA information record relates... |
| CVE-2021-28709 | 2021-11-24 | issues with partially successful P2M updates on x86 T[his CNA... |
| CVE-2021-31822 | 2021-11-24 | When Octopus Tentacle is installed on a Linux operating system,... |
| CVE-2021-42297 | 2021-11-24 | Windows 10 Update Assistant Elevation of Privilege Vulnerability |
| CVE-2021-42306 | 2021-11-24 | Azure Active Directory Information Disclosure Vulnerability |
| CVE-2021-42308 | 2021-11-24 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2021-43211 | 2021-11-24 | Windows 10 Update Assistant Elevation of Privilege Vulnerability |
| CVE-2021-43220 | 2021-11-24 | Microsoft Edge for iOS Spoofing Vulnerability |
| CVE-2021-43221 | 2021-11-24 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2021-20835 | 2021-11-24 | Improper authorization in handler for custom URL scheme vulnerability in... |
| CVE-2021-20840 | 2021-11-24 | Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar... |
| CVE-2021-20841 | 2021-11-24 | Improper access control in Management screen of EC-CUBE 2 series... |
| CVE-2021-20842 | 2021-11-24 | Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0... |
| CVE-2021-20843 | 2021-11-24 | Cross-site script inclusion vulnerability in the Web GUI of RTX830... |
| CVE-2021-20844 | 2021-11-24 | Improper neutralization of HTTP request headers for scripting syntax vulnerability... |
| CVE-2021-20845 | 2021-11-24 | Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions... |
| CVE-2021-20846 | 2021-11-24 | Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress... |
| CVE-2021-20848 | 2021-11-24 | Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows... |
| CVE-2021-20850 | 2021-11-24 | PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49... |
| CVE-2021-32037 | 2021-11-24 | User may trigger invariant when allowed to send commands directly to shards |
| CVE-2021-40369 | 2021-11-24 | XSS vulnerability on Denounce plugin |
| CVE-2021-44140 | 2021-11-24 | Arbitrary file deletion on logout |
| CVE-2021-3552 | 2021-11-24 | Insufficient validation on regular expression in EPPUpdateService config file (VA-9825) |
| CVE-2021-3554 | 2021-11-24 | Improper Access Control vulnerability in the patchesUpdate API |
| CVE-2021-3553 | 2021-11-24 | Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) |
| CVE-2021-38873 | 2021-11-24 | IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection.... |
| CVE-2021-43268 | 2021-11-24 | An issue was discovered in VxWorks 6.9 through 7. In... |
| CVE-2021-36917 | 2021-11-24 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated Plugin Deactivation vulnerability |
| CVE-2021-36916 | 2021-11-24 | WordPress Hide My WP premium plugin <= 6.2.3 - Unauthenticated SQL injection (SQLi) vulnerability |
| CVE-2021-21980 | 2021-11-24 | The vSphere Web Client (FLEX/Flash) contains an unauthorized arbitrary file... |
| CVE-2021-22049 | 2021-11-24 | The vSphere Web Client (FLEX/Flash) contains an SSRF (Server Side... |
| CVE-2021-34423 | 2021-11-24 | Buffer overflow in Zoom client and other products |
| CVE-2021-34424 | 2021-11-24 | Process memory exposure in Zoom Client and other products |
| CVE-2021-22957 | 2021-11-24 | A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect... |
| CVE-2021-43778 | 2021-11-24 | Path traversal in GLPI barcode plugin |
| CVE-2021-41268 | 2021-11-24 | Cookie persistence in Symfony |
| CVE-2021-41267 | 2021-11-24 | Webcache Poisoning in Symfony |
| CVE-2021-41270 | 2021-11-24 | CSV Injection in Symfony |
| CVE-2021-44219 | 2021-11-24 | Gin-Vue-Admin before 2.4.6 mishandles a SQL database. |
| CVE-2021-44223 | 2021-11-25 | WordPress before 5.8 lacks support for the Update URI plugin... |
| CVE-2021-44225 | 2021-11-26 | In Keepalived through 2.2.4, the D-Bus policy does not sufficiently... |
| CVE-2021-38685 | 2021-11-26 | Command Injection Vulnerability in VioStor |
| CVE-2021-38686 | 2021-11-26 | Improper Authentication Vulnerability in VioStor |
| CVE-2021-25269 | 2021-11-26 | A local administrator could prevent the HMPA service from starting... |
| CVE-2021-36807 | 2021-11-26 | An authenticated user could potentially execute code via an SQLi... |
| CVE-2020-7881 | 2021-11-26 | AfreecaTV streamer service stack-based buffer overflow |
| CVE-2021-26611 | 2021-11-26 | HejHome IP Camera use of hard-coded credentials vulnerability |
| CVE-2021-26615 | 2021-11-26 | bandisoft ARK library integer overflow vulnerability |
| CVE-2021-36843 | 2021-11-26 | WordPress Floating Social Media Icon plugin <= 4.3.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-35533 | 2021-11-26 | Specially Crafted IEC 60870-5-104 Packet Vulnerability in RTU500 series |
| CVE-2021-40833 | 2021-11-26 | Denial-of-Service (DoS) Vulnerability |
| CVE-2021-36919 | 2021-11-26 | WordPress Awesome Support plugin <= 6.0.6 - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities |
| CVE-2021-41243 | 2021-11-26 | OS Command Injection Vulnerability and Potential Zip Slip Vulnerability |
| CVE-2021-41279 | 2021-11-26 | Zip Slip Vulnerability in BaserCMS |