CVE List - 2021 / November
Showing 301 - 400 of 1508 CVEs for November 2021 (Page 4 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-22260 | 2021-11-04 | A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions... |
| CVE-2021-39895 | 2021-11-04 | In all versions of GitLab CE/EE since version 8.0, an attacker can set the pipeline schedules to be active in a project export so when an unsuspecting owner imports that... |
| CVE-2021-39904 | 2021-11-04 | An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions... |
| CVE-2021-39907 | 2021-11-04 | A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 13.7. The stripping of EXIF data from certain images resulted in high CPU usage. |
| CVE-2021-39911 | 2021-11-04 | An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before... |
| CVE-2021-39905 | 2021-11-04 | An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with |
| CVE-2021-39898 | 2021-11-04 | In all versions of GitLab CE/EE since version 10.6, a project export leaks the external webhook token value which may allow access to the project which it was exported from. |
| CVE-2021-35368 | 2021-11-05 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. |
| CVE-2021-3927 | 2021-11-05 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-3928 | 2021-11-05 | Use of Uninitialized Variable in vim/vim |
| CVE-2021-25500 | 2021-11-05 | A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. |
| CVE-2021-25501 | 2021-11-05 | An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers. |
| CVE-2021-25502 | 2021-11-05 | A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege. |
| CVE-2021-25503 | 2021-11-05 | Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to achieve arbitrary code execution. |
| CVE-2021-25504 | 2021-11-05 | Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. |
| CVE-2021-25505 | 2021-11-05 | Improper authentication in Samsung Pass prior to 3.0.02.4 allows the app to be used without authentication when the lockscreen is unlocked. |
| CVE-2021-25506 | 2021-11-05 | Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. |
| CVE-2021-25507 | 2021-11-05 | Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without... |
| CVE-2021-25508 | 2021-11-05 | Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. |
| CVE-2021-25509 | 2021-11-05 | A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite arbitrary files in the Windows known folders. |
| CVE-2021-42237 | 2021-11-05 | Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve remote command execution on the machine. No... |
| CVE-2021-26844 | 2021-11-05 | A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. |
| CVE-2021-42662 | 2021-11-05 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in... |
| CVE-2021-42663 | 2021-11-05 | An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to... |
| CVE-2021-42664 | 2021-11-05 | A Stored Cross Site Scripting (XSS) Vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can... |
| CVE-2021-42665 | 2021-11-05 | An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication. |
| CVE-2021-42666 | 2021-11-05 | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web... |
| CVE-2021-42667 | 2021-11-05 | A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query... |
| CVE-2021-42668 | 2021-11-05 | A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page. As a result, an attacker can extract sensitive data... |
| CVE-2021-42669 | 2021-11-05 | A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded... |
| CVE-2021-42670 | 2021-11-05 | A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive... |
| CVE-2021-42671 | 2021-11-05 | An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all... |
| CVE-2021-39411 | 2021-11-05 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3)... |
| CVE-2021-39412 | 2021-11-05 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php,... |
| CVE-2021-3916 | 2021-11-05 | Path Traversal in bookstackapp/bookstack |
| CVE-2021-3924 | 2021-11-05 | Path Traversal in getgrav/grav |
| CVE-2021-39413 | 2021-11-05 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g)... |
| CVE-2021-42699 | 2021-11-05 | AzeoTech DAQFactory |
| CVE-2021-42543 | 2021-11-05 | AzeoTech DAQFactory |
| CVE-2021-42701 | 2021-11-05 | AzeoTech DAQFactory |
| CVE-2021-42698 | 2021-11-05 | AzeoTech DAQFactory |
| CVE-2021-39416 | 2021-11-05 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender,... |
| CVE-2020-23565 | 2021-11-05 | Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850". |
| CVE-2020-23566 | 2021-11-05 | Irfanview v4.53 was discovered to contain an infinite loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8. |
| CVE-2020-23567 | 2021-11-05 | Irfanview v4.53 allows attackers to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea" |
| CVE-2021-29753 | 2021-11-05 | IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible... |
| CVE-2021-42837 | 2021-11-05 | An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth... |
| CVE-2021-43404 | 2021-11-05 | An issue was discovered in FusionPBX before 4.5.30. The FAX file name may have risky characters. |
| CVE-2021-43406 | 2021-11-05 | An issue was discovered in FusionPBX before 4.5.30. The fax_post_size may have risky characters (it is not constrained to preset values). |
| CVE-2021-43405 | 2021-11-05 | An issue was discovered in FusionPBX before 4.5.30. The fax_extension may have risky characters (it is not constrained to be numeric). |
| CVE-2021-43403 | 2021-11-05 | An issue was discovered in FusionPBX before 4.5.30. The log_viewer.php Log View page allows an authenticated user to choose an arbitrary filename for download (i.e., not necessarily freeswitch.log in the... |
| CVE-2021-3774 | 2021-11-05 | Meross MSS550X Missing Encryption of Sensitive Data |
| CVE-2021-42359 | 2021-11-05 | WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion |
| CVE-2021-41195 | 2021-11-05 | Crash in `tf.math.segment_*` operations |
| CVE-2021-41196 | 2021-11-05 | Crash in `max_pool3d` when size argument is 0 or negative |
| CVE-2021-41199 | 2021-11-05 | Overflow/crash in `tf.image.resize` when size is large |
| CVE-2021-41198 | 2021-11-05 | Overflow/crash in `tf.tile` when tiling tensor is large |
| CVE-2021-41197 | 2021-11-05 | Crashes due to overflow and `CHECK`-fail in ops with large tensor shapes |
| CVE-2021-41200 | 2021-11-05 | Incomplete validation in `tf.summary.create_file_writer` |
| CVE-2021-41201 | 2021-11-05 | Uninitialized access in `EinsumHelper::ParseEquation` |
| CVE-2021-41210 | 2021-11-05 | Heap OOB read in `tf.raw_ops.SparseCountSparseOutput` |
| CVE-2021-41205 | 2021-11-05 | Heap OOB read in all `tf.raw_ops.QuantizeAndDequantizeV*` ops |
| CVE-2021-41211 | 2021-11-05 | Heap OOB read in shape inference for `QuantizeV2` |
| CVE-2021-41212 | 2021-11-05 | Heap OOB read in `tf.ragged.cross` |
| CVE-2021-41224 | 2021-11-05 | `SparseFillEmptyRows` heap OOB read |
| CVE-2021-41223 | 2021-11-05 | Heap OOB read in `FusedBatchNorm` kernels |
| CVE-2021-41226 | 2021-11-05 | Heap OOB read in `SparseBinCount` |
| CVE-2021-41204 | 2021-11-05 | Segfault while copying constant resource tensor |
| CVE-2021-41214 | 2021-11-05 | Reference binding to `nullptr` in `tf.ragged.cross` |
| CVE-2021-41219 | 2021-11-05 | Undefined behavior via `nullptr` reference binding in sparse matrix multiplication |
| CVE-2021-41217 | 2021-11-05 | Null pointer exception when `Exit` node is not preceded by `Enter` op |
| CVE-2021-41215 | 2021-11-05 | Null pointer exception in `DeserializeSparse` |
| CVE-2021-41203 | 2021-11-05 | Missing validation during checkpoint loading |
| CVE-2021-41209 | 2021-11-05 | FPE in convolutions with zero size filters |
| CVE-2021-41202 | 2021-11-05 | Overflow/crash in `tf.range` |
| CVE-2021-41207 | 2021-11-05 | Division by zero in `ParallelConcat` |
| CVE-2021-41208 | 2021-11-05 | Incomplete validation in boosted trees code |
| CVE-2021-41206 | 2021-11-05 | Incomplete validation of shapes in multiple TF ops |
| CVE-2021-41218 | 2021-11-05 | Integer division by 0 in `tf.raw_ops.AllToAll` |
| CVE-2021-41213 | 2021-11-05 | Deadlock in mutually recursive `tf.function` objects |
| CVE-2021-41216 | 2021-11-05 | Heap buffer overflow in `Transpose` |
| CVE-2021-41221 | 2021-11-05 | Access to invalid memory during shape inference in `Cudnn*` ops |
| CVE-2021-41220 | 2021-11-05 | Use after free in `CollectiveReduceV2` |
| CVE-2021-41228 | 2021-11-05 | Code injection in `saved_model_cli` |
| CVE-2021-41222 | 2021-11-05 | Segfault due to negative splits in `SplitV` |
| CVE-2021-41225 | 2021-11-05 | A use of uninitialized value vulnerability in Tensorflow |
| CVE-2021-41227 | 2021-11-05 | Arbitrary memory read in `ImmutableConst` |
| CVE-2021-41230 | 2021-11-05 | OIDC claims not updated from Identity Provider in Pomerium |
| CVE-2021-41250 | 2021-11-05 | Presence of non-blacklisted URL bypasses all other filters |
| CVE-2020-22222 | 2021-11-05 | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function. |
| CVE-2020-22223 | 2021-11-05 | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function. |
| CVE-2020-22224 | 2021-11-05 | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function. |
| CVE-2020-22225 | 2021-11-05 | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function. |
| CVE-2020-22226 | 2021-11-05 | Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function. |
| CVE-2021-41251 | 2021-11-05 | Possibility to elevate privileges or get unauthorized access to data |
| CVE-2021-37471 | 2021-11-07 | Cradlepoint IBR900-600 devices running versions < 7.21.10 are vulnerable to a restricted shell escape sequence that provides an attacker the capability to simultaneously deny availability to the device's NetCloud Manager... |
| CVE-2021-43411 | 2021-11-07 | An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges,... |
| CVE-2021-43414 | 2021-11-07 | An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for... |
| CVE-2021-43413 | 2021-11-07 | An issue was discovered in GNU Hurd before 0.9 20210404-9. A single pager port is shared among everyone who mmaps a file, allowing anyone to modify any files that they... |
| CVE-2021-43412 | 2021-11-07 | An issue was discovered in GNU Hurd before 0.9 20210404-9. libports accepts fake notification messages from any client on any port, which can lead to port use-after-free. This can be... |