CVE List - 2021 / November
Showing 601 - 700 of 1508 CVEs for November 2021 (Page 7 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-42296 | 2021-11-10 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2021-42298 | 2021-11-10 | Microsoft Defender Remote Code Execution Vulnerability |
| CVE-2021-42300 | 2021-11-10 | Azure Sphere Tampering Vulnerability |
| CVE-2021-42301 | 2021-11-10 | Azure RTOS Information Disclosure Vulnerability |
| CVE-2021-42302 | 2021-11-10 | Azure RTOS Elevation of Privilege Vulnerability |
| CVE-2021-42303 | 2021-11-10 | Azure RTOS Elevation of Privilege Vulnerability |
| CVE-2021-42304 | 2021-11-10 | Azure RTOS Elevation of Privilege Vulnerability |
| CVE-2021-42305 | 2021-11-10 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2021-42316 | 2021-11-10 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| CVE-2021-42319 | 2021-11-10 | Visual Studio Elevation of Privilege Vulnerability |
| CVE-2021-42321 | 2021-11-10 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2021-42322 | 2021-11-10 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2021-42323 | 2021-11-10 | Azure RTOS Information Disclosure Vulnerability |
| CVE-2021-43208 | 2021-11-10 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2021-43209 | 2021-11-10 | 3D Viewer Remote Code Execution Vulnerability |
| CVE-2021-22870 | 2021-11-10 | Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access |
| CVE-2021-31853 | 2021-11-10 | MDE DLL Search Order Hijacking vulnerability |
| CVE-2021-43136 | 2021-11-10 | An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain valid access to the platform. |
| CVE-2021-25974 | 2021-11-10 | Publify - Stored Cross-Site Scripting (XSS) in Editor |
| CVE-2021-25975 | 2021-11-10 | Publify - Stored Cross-Site Scripting (XSS) due to Unrestricted File Upload |
| CVE-2021-34582 | 2021-11-10 | Phoenix Contact: FL MGUARD XSS through web-based management and REST API |
| CVE-2021-34598 | 2021-11-10 | Phoenix Contact: FL MGUARD lack of memory release in remote logging functionality |
| CVE-2021-39474 | 2021-11-10 | Vulnerability in the Docsis 3.0 UBC1319BA00 Router, affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on... |
| CVE-2021-43523 | 2021-11-10 | In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong... |
| CVE-2021-38887 | 2021-11-10 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force... |
| CVE-2021-43561 | 2021-11-10 | An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for... |
| CVE-2021-43562 | 2021-11-10 | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM... |
| CVE-2021-43563 | 2021-11-10 | An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an... |
| CVE-2021-43564 | 2021-11-10 | An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files.... |
| CVE-2021-40501 | 2021-11-10 | SAP ABAP Platform Kernel - versions 7.77, 7.81, 7.85, 7.86, does not perform necessary authorization checks for an authenticated business user, resulting in escalation of privileges. That means this business... |
| CVE-2021-40502 | 2021-11-10 | SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Authenticated attackers will be able to access... |
| CVE-2021-40503 | 2021-11-10 | An information disclosure vulnerability exists in SAP GUI for Windows - versions < 7.60 PL13, 7.70 PL4, which allows an attacker with sufficient privileges on the local client-side PC to... |
| CVE-2021-40504 | 2021-11-10 | A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755,... |
| CVE-2021-42062 | 2021-11-10 | SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads... |
| CVE-2021-41427 | 2021-11-10 | Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. |
| CVE-2021-41426 | 2021-11-10 | Beeline Smart Box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. |
| CVE-2020-12488 | 2021-11-10 | Broken Access Control Vulnerability in Jovi Smart Scene |
| CVE-2021-40518 | 2021-11-10 | Airangel HSMX Gateway devices through 5.2.04 allow CSRF. |
| CVE-2021-40521 | 2021-11-10 | Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. |
| CVE-2021-40519 | 2021-11-10 | Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. |
| CVE-2021-40517 | 2021-11-10 | Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. The XSS payload is placed in the name column of the updates table using database access. |
| CVE-2021-40520 | 2021-11-10 | Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. |
| CVE-2020-28137 | 2021-11-10 | Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. |
| CVE-2021-3380 | 2021-11-10 | Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to disclose sensitive information via the Print Invoice Functionality. |
| CVE-2021-41038 | 2021-11-10 | In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage(). |
| CVE-2021-3056 | 2021-11-10 | PAN-OS: Memory Corruption Vulnerability in GlobalProtect Clientless VPN During SAML Authentication |
| CVE-2021-3058 | 2021-11-10 | PAN-OS: OS Command Injection Vulnerability in Web Interface XML API |
| CVE-2021-3059 | 2021-11-10 | PAN-OS: OS Command Injection Vulnerability When Performing Dynamic Updates |
| CVE-2021-3060 | 2021-11-10 | PAN-OS: OS Command Injection in Simple Certificate Enrollment Protocol (SCEP) |
| CVE-2021-3061 | 2021-11-10 | PAN-OS: OS Command Injection Vulnerability in the Command Line Interface (CLI) |
| CVE-2021-3062 | 2021-11-10 | PAN-OS: Improper Access Control Vulnerability Exposing AWS Instance Metadata Endpoint to GlobalProtect Users |
| CVE-2021-3063 | 2021-11-10 | PAN-OS: Denial-of-Service (DoS) Vulnerability in GlobalProtect Portal and Gateway Interfaces |
| CVE-2021-3064 | 2021-11-10 | PAN-OS: Memory Corruption Vulnerability in GlobalProtect Portal and Gateway Interfaces |
| CVE-2021-32021 | 2021-11-10 | A denial of service vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context... |
| CVE-2021-32022 | 2021-11-10 | A low privileged delete vulnerability using CEF RPC server of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context... |
| CVE-2021-32023 | 2021-11-10 | An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context... |
| CVE-2021-22048 | 2021-11-10 | The vCenter Server contains a privilege escalation vulnerability in the IWA (Integrated Windows Authentication) authentication mechanism. A malicious actor with non-administrative access to vCenter Server may exploit this issue to... |
| CVE-2021-3572 | 2021-11-10 | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on... |
| CVE-2021-42111 | 2021-11-10 | An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code... |
| CVE-2020-23872 | 2021-11-10 | A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS). |
| CVE-2020-23873 | 2021-11-10 | pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump. |
| CVE-2020-23874 | 2021-11-10 | pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode. |
| CVE-2020-23876 | 2021-11-10 | pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText. |
| CVE-2020-23877 | 2021-11-10 | pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream. |
| CVE-2020-23878 | 2021-11-10 | pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch. |
| CVE-2020-23879 | 2021-11-10 | pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject. |
| CVE-2020-23884 | 2021-11-10 | A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file. |
| CVE-2020-23886 | 2021-11-10 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode... |
| CVE-2020-23887 | 2021-11-10 | XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access... |
| CVE-2020-23888 | 2021-11-10 | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file. |
| CVE-2020-23889 | 2021-11-10 | A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file. |
| CVE-2020-23890 | 2021-11-10 | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as... |
| CVE-2020-23891 | 2021-11-10 | A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
| CVE-2020-23893 | 2021-11-10 | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
| CVE-2020-23894 | 2021-11-10 | A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
| CVE-2020-23895 | 2021-11-10 | A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
| CVE-2020-23896 | 2021-11-10 | A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file. |
| CVE-2020-23897 | 2021-11-10 | A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
| CVE-2020-23898 | 2021-11-10 | A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
| CVE-2020-23899 | 2021-11-10 | A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
| CVE-2020-23900 | 2021-11-10 | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow... |
| CVE-2020-23901 | 2021-11-10 | A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. |
| CVE-2020-23902 | 2021-11-10 | A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used... |
| CVE-2020-23903 | 2021-11-10 | A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. |
| CVE-2020-23904 | 2021-11-10 | A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce... |
| CVE-2020-23906 | 2021-11-10 | FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. |
| CVE-2021-33816 | 2021-11-10 | The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not... |
| CVE-2021-33618 | 2021-11-10 | Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. |
| CVE-2021-40871 | 2021-11-10 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66. Remote attackers can cause a denial of service (DoS) by sending crafted messages to an OPC/UA... |
| CVE-2021-40872 | 2021-11-10 | An issue was discovered in Softing Industrial Automation uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) or login as an anonymous user (bypassing security checks)... |
| CVE-2021-40873 | 2021-11-10 | An issue was discovered in Softing Industrial Automation OPC UA C++ SDK before 5.66, and uaToolkit Embedded before 1.40. Remote attackers can cause a denial of service (DoS) by sending... |
| CVE-2021-42847 | 2021-11-11 | Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. |
| CVE-2002-20001 | 2021-11-11 | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka... |
| CVE-2021-43573 | 2021-11-11 | A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon... |
| CVE-2021-41080 | 2021-11-11 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a hardware details search. |
| CVE-2021-41081 | 2021-11-11 | Zoho ManageEngine Network Configuration Manager before 125465 is vulnerable to SQL Injection in a configuration search. |
| CVE-2021-41833 | 2021-11-11 | Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. |
| CVE-2021-42002 | 2021-11-11 | Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file-upload remote code execution. |
| CVE-2021-43397 | 2021-11-11 | LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sysadmin. |
| CVE-2021-25980 | 2021-11-11 | Talkyard - Host-Header Injection Leads to Account Takeover |