CVE List - 2021 / November
Showing 801 - 900 of 1508 CVEs for November 2021 (Page 9 of 16)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-41653 | 2021-11-13 | The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. |
| CVE-2021-43336 | 2021-11-14 | An Out-of-Bounds Write vulnerability exists when reading a DXF or DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF and... |
| CVE-2021-43391 | 2021-11-14 | An Out-of-Bounds Read vulnerability exists when reading a DXF file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DXF files. Crafted data... |
| CVE-2021-43617 | 2021-11-14 | Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based... |
| CVE-2020-14424 | 2021-11-14 | Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. |
| CVE-2020-16152 | 2021-11-14 | The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests... |
| CVE-2021-26795 | 2021-11-14 | A SQL Injection vulnerability in /appliance/shiftmgn.php in TalariaX sendQuick Alert Plus Server Admin 4.3 before 8HF11 allows attackers to obtain sensitive information via a Roster Time to Roster Management. |
| CVE-2021-41057 | 2021-11-14 | In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions. |
| CVE-2021-43273 | 2021-11-14 | An Out-of-bounds Read vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.11. Crafted data in a DGN file and lack of verification of... |
| CVE-2021-43274 | 2021-11-14 | A Use After Free Vulnerability exists in the Open Design Alliance Drawings SDK before 2022.11. The specific flaw exists within the parsing of DWF files. The issue results from the... |
| CVE-2021-43275 | 2021-11-14 | A Use After Free vulnerability exists in the DGN file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of validating the existence... |
| CVE-2021-43276 | 2021-11-14 | An Out-of-bounds Read vulnerability exists in Open Design Alliance ODA Viewer before 2022.8. Crafted data in a DWF file can trigger a read past the end of an allocated buffer.... |
| CVE-2021-43277 | 2021-11-14 | An out-of-bounds read vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a read past... |
| CVE-2021-43278 | 2021-11-14 | An Out-of-bounds Read vulnerability exists in the OBJ file reading procedure in Open Design Alliance Drawings SDK before 2022.11. The lack of validating the input length can trigger a read... |
| CVE-2021-43279 | 2021-11-14 | An out-of-bounds write vulnerability exists in the U3D file reading procedure in Open Design Alliance PRC SDK before 2022.10. Crafted data in a U3D file can trigger a write past... |
| CVE-2021-43390 | 2021-11-14 | An Out-of-Bounds Write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data... |
| CVE-2021-43280 | 2021-11-14 | A stack-based buffer overflow vulnerability exists in the DWF file reading procedure in Open Design Alliance Drawings SDK before 2022.8. The issue results from the lack of proper validation of... |
| CVE-2021-43272 | 2021-11-14 | An improper handling of exceptional conditions vulnerability exists in Open Design Alliance ODA Viewer sample before 2022.11. ODA Viewer continues to process invalid or malicious DWF files instead of stopping... |
| CVE-2021-42373 | 2021-11-15 | A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given |
| CVE-2021-42376 | 2021-11-15 | A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may... |
| CVE-2021-42377 | 2021-11-15 | An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&&... |
| CVE-2021-43618 | 2021-11-15 | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. |
| CVE-2021-42374 | 2021-11-15 | An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that |
| CVE-2021-42375 | 2021-11-15 | An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for... |
| CVE-2021-42378 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function |
| CVE-2021-42379 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function |
| CVE-2021-42380 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function |
| CVE-2021-42381 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function |
| CVE-2021-42382 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function |
| CVE-2021-42383 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
| CVE-2021-42384 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function |
| CVE-2021-42385 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function |
| CVE-2021-42386 | 2021-11-15 | A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function |
| CVE-2021-43620 | 2021-11-15 | An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return... |
| CVE-2021-41289 | 2021-11-15 | ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2021-42838 | 2021-11-15 | Grand Vice info Co. webopac7 - Reflected XSS |
| CVE-2021-42839 | 2021-11-15 | Grand Vice info Co. webopac7 - Arbitrary File Upload |
| CVE-2021-43495 | 2021-11-15 | AlquistManager branch as of commit 280d99f43b11378212652e75f6f3159cde9c1d36 is affected by a directory traversal vulnerability in alquist/IO/input.py. This attack can cause the disclosure of critical secrets stored anywhere on the system and... |
| CVE-2021-42706 | 2021-11-15 | AzeoTech DAQFactory |
| CVE-2021-42703 | 2021-11-15 | AzeoTech DAQFactory |
| CVE-2021-43574 | 2021-11-15 | WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no... |
| CVE-2021-22959 | 2021-11-15 | The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and... |
| CVE-2020-12964 | 2021-11-15 | A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck... |
| CVE-2020-12904 | 2021-11-15 | Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure. |
| CVE-2021-41951 | 2021-11-15 | ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit... |
| CVE-2020-12900 | 2021-11-15 | An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service. |
| CVE-2020-12899 | 2021-11-15 | Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service. |
| CVE-2021-38974 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779. |
| CVE-2021-38975 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780. |
| CVE-2021-38976 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 stores user credentials in plain clear text which can be read by a local user. X-Force ID: 212781. |
| CVE-2021-38977 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie... |
| CVE-2021-38978 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.... |
| CVE-2021-38979 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software... |
| CVE-2021-38981 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.... |
| CVE-2021-38982 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering... |
| CVE-2021-38983 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212792. |
| CVE-2021-38984 | 2021-11-15 | IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 212793. |
| CVE-2021-34991 | 2021-11-15 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within... |
| CVE-2021-34992 | 2021-11-15 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS 6.10. Authentication is required to exploit this vulnerability. The specific flaw exists within Composite.dll.... |
| CVE-2020-12897 | 2021-11-15 | Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass. |
| CVE-2020-12902 | 2021-11-15 | Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| CVE-2020-12920 | 2021-11-15 | A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck. |
| CVE-2020-12929 | 2021-11-15 | Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution... |
| CVE-2021-41765 | 2021-11-15 | A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers... |
| CVE-2021-41950 | 2021-11-15 | A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in... |
| CVE-2020-12895 | 2021-11-15 | Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. |
| CVE-2021-42580 | 2021-11-15 | Sourcecodester Online Learning System 2.0 is vunlerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file , we can craft these two... |
| CVE-2020-12963 | 2021-11-15 | An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system. |
| CVE-2021-39222 | 2021-11-15 | XSS in Talk |
| CVE-2020-12892 | 2021-11-15 | An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution. |
| CVE-2020-12898 | 2021-11-15 | Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. |
| CVE-2020-12901 | 2021-11-15 | Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure. |
| CVE-2020-12905 | 2021-11-15 | Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure. |
| CVE-2020-12962 | 2021-11-15 | Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation. |
| CVE-2020-12903 | 2021-11-15 | Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. |
| CVE-2020-12893 | 2021-11-15 | Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. |
| CVE-2020-12960 | 2021-11-15 | AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS). |
| CVE-2020-12894 | 2021-11-15 | Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. |
| CVE-2021-41244 | 2021-11-15 | Cross organization admin control in Grafana |
| CVE-2021-41263 | 2021-11-15 | Secure/signed cookies share secrets between sites in rails_multisite |
| CVE-2021-41266 | 2021-11-15 | Authentication bypass issue in the Operator Console |
| CVE-2021-41269 | 2021-11-15 | Unauthenticated remote code injection in cron-utils |
| CVE-2021-41271 | 2021-11-15 | Cache poisoning via maliciously-formed request in discourse |
| CVE-2021-42337 | 2021-11-16 | TVN-202110009 |
| CVE-2021-25976 | 2021-11-16 | Piranha CMS - Site-wide Cross-Site Request Forgery (CSRF) |
| CVE-2021-25965 | 2021-11-16 | Calibre-web - Admin Account Takeover via Cross-Site Request Forgery (CSRF) |
| CVE-2021-25940 | 2021-11-16 | ArangoDB - Insufficient Session Expiration after Password Change |
| CVE-2021-37580 | 2021-11-16 | Apache ShenYu Admin bypass JWT authentication |
| CVE-2021-25982 | 2021-11-16 | FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality |
| CVE-2021-25983 | 2021-11-16 | FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality |
| CVE-2021-25984 | 2021-11-16 | FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality |
| CVE-2021-25985 | 2021-11-16 | FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover |
| CVE-2021-42114 | 2021-11-16 | Scalable Rowhammering In the Frequency Domain to Bypass TRR Mitigations On Modern DDR4/LPDDR4X Devices |
| CVE-2021-3958 | 2021-11-16 | SQL Injection Vulnerability in Ipack SCADA Software |
| CVE-2021-38882 | 2021-11-16 | IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164. |
| CVE-2021-38949 | 2021-11-16 | IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403. |
| CVE-2021-43046 | 2021-11-16 | TIBCO PartnerExpress Session Token in URL |
| CVE-2021-43047 | 2021-11-16 | TIBCO PartnerExpress Cross Site Scripting vulnerabilities |
| CVE-2021-43048 | 2021-11-16 | TIBCO PartnerExpress Click-Jacking vulnerability |
| CVE-2021-26326 | 2021-11-16 | Failure to validate VM_HSAVE_PA during SNP_INIT may result in a loss of memory integrity. |