CVE List - 2021 / November
Showing 1401 - 1500 of 1508 CVEs for November 2021 (Page 15 of 16)
CVE ID | Date | Title |
---|---|---|
CVE-2021-43776 | 2021-11-26 | XSS vulnerability in @backstage/plugin-auth-backend |
CVE-2021-43785 | 2021-11-26 | Cross Site Scripting Vulnerability in @joeattardi/emoji-button |
CVE-2021-23654 | 2021-11-26 | Improper Input Validation |
CVE-2021-4020 | 2021-11-27 | Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway |
CVE-2021-44093 | 2021-11-28 | A Remote Command Execution vulnerability on the background in zrlog... |
CVE-2021-44094 | 2021-11-28 | ZrLog 2.2.2 has a remote command execution vulnerability at plugin... |
CVE-2019-8921 | 2021-11-29 | An issue was discovered in bluetoothd in BlueZ through 5.48.... |
CVE-2019-8922 | 2021-11-29 | A heap-based buffer overflow was discovered in bluetoothd in BlueZ... |
CVE-2021-3802 | 2021-11-29 | A vulnerability found in udisks2. This flaw allows an attacker... |
CVE-2021-32061 | 2021-11-29 | S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket,... |
CVE-2021-44077 | 2021-11-29 | Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before... |
CVE-2021-21707 | 2021-11-29 | Special characters break path parsing in XML functions |
CVE-2021-38147 | 2021-11-29 | Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download... |
CVE-2021-38283 | 2021-11-29 | Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read... |
CVE-2017-20008 | 2021-11-29 | myCRED < 1.7.8 - Reflected Cross-Site Scripting |
CVE-2021-24745 | 2021-11-29 | About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting |
CVE-2021-24748 | 2021-11-29 | Email Before Download < 6.8 - Admin+ SQL Injection |
CVE-2021-24749 | 2021-11-29 | URL Shortify < 1.5.1 - Arbitrary Link/Group Deletion via CSRF |
CVE-2021-24751 | 2021-11-29 | GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting |
CVE-2021-24755 | 2021-11-29 | myCred < 2.3 - Subscriber+ SQL Injection |
CVE-2021-24768 | 2021-11-29 | WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting |
CVE-2021-24811 | 2021-11-29 | Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting |
CVE-2021-24822 | 2021-11-29 | Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS |
CVE-2021-24842 | 2021-11-29 | Bulk Datetime Change < 1.12 - Missing Authorisation |
CVE-2021-24860 | 2021-11-29 | BSK PDF Manager < 3.1.2 - Admin+ SQL Injection |
CVE-2021-24876 | 2021-11-29 | Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting |
CVE-2021-24883 | 2021-11-29 | Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting |
CVE-2021-24889 | 2021-11-29 | Ninja Forms < 3.6.4 - Admin+ SQL Injection |
CVE-2021-24899 | 2021-11-29 | Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting |
CVE-2021-24908 | 2021-11-29 | Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting |
CVE-2021-24915 | 2021-11-29 | Contest Gallery < 13.1.0.6 - Missing Access Controls to Unauthenticated SQL injection / Email Address Disclosure |
CVE-2021-24918 | 2021-11-29 | Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS |
CVE-2021-24927 | 2021-11-29 | My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting |
CVE-2021-43698 | 2021-11-29 | phpWhois (last update Jun 30 2021) is affected by a... |
CVE-2021-43697 | 2021-11-29 | Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a... |
CVE-2021-43696 | 2021-11-29 | twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS)... |
CVE-2021-43695 | 2021-11-29 | issabelPBX version 2.11 is affected by a Cross Site Scripting... |
CVE-2021-43693 | 2021-11-29 | vesta 0.9.8-24 is affected by a file inclusion vulnerability in... |
CVE-2021-43692 | 2021-11-29 | youtube-php-mirroring (last update Jun 9, 2017) is affected by a... |
CVE-2021-43691 | 2021-11-29 | tripexpress v1.1 is affected by a path manipulation vulnerability in... |
CVE-2021-39995 | 2021-11-29 | Some Huawei products use the OpenHpi software for hardware management.... |
CVE-2021-42358 | 2021-11-29 | Contact Form With Captcha <= 1.6.2 Cross-Site Request Forgery to Reflected Cross-Site Scripting |
CVE-2021-42365 | 2021-11-29 | Asgaros Forums <= 1.15.13 Authenticated Stored XSS |
CVE-2021-42364 | 2021-11-29 | Stetic <= 1.0.6 Cross-Site Request Forgery to Stored Cross-Site Scripting |
CVE-2021-44201 | 2021-11-29 | Cross-site scripting (XSS) was possible in notification pop-ups |
CVE-2021-44198 | 2021-11-29 | DLL hijacking could lead to local privilege escalation |
CVE-2021-44203 | 2021-11-29 | Stored cross-site scripting (XSS) was possible in protection plan details |
CVE-2021-44202 | 2021-11-29 | Stored cross-site scripting (XSS) was possible in activity details |
CVE-2021-44199 | 2021-11-29 | DLL hijacking could lead to denial of service |
CVE-2021-44200 | 2021-11-29 | Self cross-site scripting (XSS) was possible on devices page |
CVE-2021-34800 | 2021-11-29 | Sensitive information could be logged |
CVE-2021-43783 | 2021-11-29 | Path Traversal in @backstage/plugin-scaffolder-backend |
CVE-2021-43787 | 2021-11-29 | XSS via prototype pollution |
CVE-2021-43786 | 2021-11-29 | API token verification can be bypassed |
CVE-2021-43788 | 2021-11-29 | Path traversal in translator module of NodeBB |
CVE-2021-44427 | 2021-11-29 | An unauthenticated SQL Injection vulnerability in Rosario Student Information System... |
CVE-2021-44429 | 2021-11-29 | Serva 4.4.0 allows remote attackers to cause a denial of... |
CVE-2021-44428 | 2021-11-29 | Pinkie 2.15 allows remote attackers to cause a denial of... |
CVE-2021-43790 | 2021-11-29 | Use After Free in lucet |
CVE-2021-3725 | 2021-11-30 | OS Command Injection in ohmyzsh/ohmyzsh |
CVE-2021-3726 | 2021-11-30 | OS Command Injection in ohmyzsh/ohmyzsh |
CVE-2021-3727 | 2021-11-30 | OS Command Injection in ohmyzsh/ohmyzsh |
CVE-2021-3769 | 2021-11-30 | OS Command Injection in ohmyzsh/ohmyzsh |
CVE-2021-43771 | 2021-11-30 | Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable... |
CVE-2021-42115 | 2021-11-30 | Missing HTTPOnly flag on sensitive cookie in TopEase |
CVE-2021-42116 | 2021-11-30 | Unauthorized Menu Item Access in TopEase |
CVE-2021-42117 | 2021-11-30 | UI Redressing in TopEase |
CVE-2021-42118 | 2021-11-30 | Stored XSS in TopEase |
CVE-2021-42119 | 2021-11-30 | Stored XSS in Search Function in TopEase |
CVE-2021-42120 | 2021-11-30 | Missing Character Length (Denial of Service) in TopEase |
CVE-2021-42121 | 2021-11-30 | Denial of Service via Invalid Date Format in TopEase |
CVE-2021-42122 | 2021-11-30 | Denial of Service via Invalid Object Attribute in TopEase |
CVE-2021-42123 | 2021-11-30 | Missing Upload Filter in TopEase |
CVE-2021-42544 | 2021-11-30 | Lack of Rate limiting in Authentication in TopEase |
CVE-2021-42545 | 2021-11-30 | Insufficient Session Expiration in TopEase |
CVE-2021-41677 | 2021-11-30 | A SQL injection vulnerability exists in version 8.0 of openSIS... |
CVE-2021-41678 | 2021-11-30 | A SQL injection vulnerability exists in version 8.0 of openSIS... |
CVE-2021-41679 | 2021-11-30 | A SQL injection vulnerability exists in version 8.0 of openSIS... |
CVE-2021-25987 | 2021-11-30 | Hexo - Stored XSS |
CVE-2021-43998 | 2021-11-30 | HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and... |
CVE-2021-43202 | 2021-11-30 | In JetBrains TeamCity before 2021.1.3, the X-Frame-Options header is missing... |
CVE-2021-38958 | 2021-11-30 | IBM MQ Appliance 9.2 CD and 9.2 LTS is affected... |
CVE-2021-38967 | 2021-11-30 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow... |
CVE-2021-38999 | 2021-11-30 | IBM MQ Appliance could allow a local attacker to obtain... |
CVE-2021-39000 | 2021-11-30 | IBM MQ Appliance 9.2 CD and 9.2 LTS could allow... |
CVE-2021-44230 | 2021-11-30 | PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has... |
CVE-2021-43282 | 2021-11-30 | An issue was discovered on Victure WR1200 devices through 1.0.3.... |
CVE-2021-43283 | 2021-11-30 | An issue was discovered on Victure WR1200 devices through 1.0.3.... |
CVE-2021-43284 | 2021-11-30 | An issue was discovered on Victure WR1200 devices through 1.0.3.... |
CVE-2020-7879 | 2021-11-30 | ipTIME C200 IP Camera command injection vulnerability |
CVE-2021-43294 | 2021-11-30 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected... |
CVE-2021-26612 | 2021-11-30 | tobesoft Nexacro platform arbitrary file creation vulnerability |
CVE-2021-43295 | 2021-11-30 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected... |
CVE-2021-43296 | 2021-11-30 | Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to an... |
CVE-2021-22095 | 2021-11-30 | In Spring AMQP versions 2.2.0 - 2.2.19 and 2.3.0 -... |
CVE-2021-43319 | 2021-11-30 | Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to... |
CVE-2021-42099 | 2021-11-30 | Zoho ManageEngine M365 Manager Plus before 4421 is vulnerable to... |
CVE-2020-7880 | 2021-11-30 | douzone NeoRS remote support program ActiveX vulnerability |
CVE-2021-31787 | 2021-11-30 | The Bluetooth Classic implementation on Actions ATS2815 chipsets does not... |
CVE-2021-42564 | 2021-11-30 | An open redirect through HTML injection in confidential messages in... |