CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In November 2021

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Access Complexity | Authentication | Conf. | Integ. | Avail.

Each entry below spans four lines: (1) row number, CVE ID, CWE ID (where assigned), exploit count (where any), vulnerability type(s), publish date and update date; (2) CVSS score; (3) gained access level, access vector, access complexity, authentication, and the confidentiality, integrity and availability impacts; (4) the vulnerability description.
601 CVE-2021-38975 200 +Info 2021-11-15 2021-11-16
4.0
None Remote Low ??? Partial None None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 212780.
602 CVE-2021-38974 DoS 2021-11-15 2021-11-16
4.0
None Remote Low ??? None None Partial
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 could allow an authenticated user to cause a denial of service using specially crafted HTTP requests. IBM X-Force ID: 212779.
603 CVE-2021-38973 20 2021-11-12 2021-11-16
4.0
None Remote Low ??? None Partial None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
604 CVE-2021-38972 20 2021-11-12 2021-11-16
4.0
None Remote Low ??? None Partial None
IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, 4.0, and 4.1 receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
605 CVE-2021-38967 94 Exec Code 2021-11-30 2021-11-30
4.6
None Local Low Not required Partial Partial Partial
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow a local privileged user to inject and execute malicious code. IBM X-Force ID: 212441.
606 CVE-2021-38959 787 DoS 2021-11-17 2021-11-19
2.1
None Local Low Not required None None Partial
IBM SPSS Statistics for Windows 24.0, 25.0, 26.0, 27.0, 27.0.1, and 28.0 could allow a local user to cause a denial of service by writing arbitrary files to admin protected directories on the system. IBM X-Force ID: 212046.
607 CVE-2021-38958 DoS 2021-11-30 2021-11-30
2.1
None Local Low Not required None None Partial
IBM MQ Appliance 9.2 CD and 9.2 LTS is affected by a denial of service attack caused by a concurrency issue. IBM X-Force ID: 212042.
608 CVE-2021-38949 312 2021-11-16 2021-11-17
2.1
None Local Low Not required Partial None None
IBM MQ 7.5, 8.0, 9.0 LTS, 9.1 CD, and 9.1 LTS stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 211403.
609 CVE-2021-38948 91 2021-11-02 2021-11-03
6.4
None Remote Low Not required Partial None Partial
IBM InfoSphere Information Server 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 211402.
610 CVE-2021-38891 326 2021-11-23 2021-11-29
5.0
None Remote Low Not required Partial None None
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.
611 CVE-2021-38890 307 2021-11-23 2021-11-29
5.0
None Remote Low Not required Partial None None
IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.
612 CVE-2021-38887 200 +Info 2021-11-10 2021-11-12
4.0
None Remote Low ??? Partial None None
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information from application response requests that could be used in further attacks against the system. IBM X-Force ID: 209401.
613 CVE-2021-38882 2021-11-16 2021-11-17
2.1
None Local Low Not required None Partial None
IBM Spectrum Scale 5.1.0 through 5.1.1.1 could allow a privileged admin to destroy filesystem audit logging records before expiration time. IBM X-Force ID: 209164.
614 CVE-2021-38875 DoS 2021-11-23 2021-11-24
4.0
None Remote Low ??? None None Partial
IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.
615 CVE-2021-38873 74 Exec Code 2021-11-24 2021-11-24
9.3
None Remote Medium Not required Complete Complete Complete
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396.
616 CVE-2021-38847 434 Exec Code 2021-11-01 2021-11-02
6.5
None Remote Low ??? Partial Partial Partial
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
617 CVE-2021-38686 287 2021-11-26 2021-12-03
6.8
None Remote Medium Not required Partial Partial Partial
An improper authentication vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later.
618 CVE-2021-38685 78 2021-11-26 2021-12-02
7.5
None Remote Low Not required Partial Partial Partial
A command injection vulnerability has been reported to affect QNAP device, VioStor. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QVR: QVR FW 5.1.6 build 20211109 and later.
619 CVE-2021-38684 787 Exec Code Overflow 2021-11-13 2022-02-10
7.5
None Remote Low Not required Partial Partial Partial
A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 (2021/10/05) and later; Multimedia Console 1.5.3 (2021/10/05) and later.
620 CVE-2021-38681 79 XSS 2021-11-20 2021-11-23
4.3
None Remote Medium Not required None Partial None
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
621 CVE-2021-38666 Exec Code 2021-11-10 2021-11-10
6.8
None Remote Medium Not required Partial Partial Partial
Remote Desktop Client Remote Code Execution Vulnerability
622 CVE-2021-38665 2021-11-10 2021-11-10
4.3
None Remote Medium Not required Partial None None
Remote Desktop Protocol Client Information Disclosure Vulnerability
623 CVE-2021-38631 2021-11-10 2021-11-12
2.1
None Local Low Not required Partial None None
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-41371.
624 CVE-2021-38502 522 Exec Code 2021-11-03 2022-03-17
4.3
None Remote Medium Not required Partial None None
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
625 CVE-2021-38501 Mem. Corr. 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
626 CVE-2021-38500 Mem. Corr. 2021-11-03 2022-03-17
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
627 CVE-2021-38499 787 Mem. Corr. 2021-11-03 2022-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 92. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 93.
628 CVE-2021-38498 416 Mem. Corr. 2021-11-03 2021-11-04
5.0
None Remote Low Not required None None Partial
During process shutdown, a document could have caused a use-after-free of a languages service object, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
629 CVE-2021-38497 346 2021-11-03 2021-11-04
4.3
None Remote Medium Not required None Partial None
Through use of reportValidity() and window.open(), a plain-text validation message could have been overlaid on another origin, leading to possible user confusion and spoofing attacks. This vulnerability affects Firefox < 93, Thunderbird < 91.2, and Firefox ESR < 91.2.
630 CVE-2021-38496 416 Mem. Corr. 2021-11-03 2022-03-17
6.8
None Remote Medium Not required Partial Partial Partial
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
631 CVE-2021-38495 787 Mem. Corr. 2021-11-03 2022-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
632 CVE-2021-38494 787 Mem. Corr. 2021-11-03 2022-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 91. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 92.
633 CVE-2021-38493 787 Mem. Corr. 2021-11-03 2022-05-03
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
634 CVE-2021-38492 2021-11-03 2021-11-04
4.3
None Remote Medium Not required None Partial None
When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox ESR < 91.1.
635 CVE-2021-38491 2021-11-03 2022-03-16
4.3
None Remote Medium Not required None Partial None
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
636 CVE-2021-38488 79 Exec Code XSS 2021-11-03 2021-11-05
3.5
None Remote Medium ??? None Partial None
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.
637 CVE-2021-38448 94 2021-11-22 2022-05-10
4.6
None Local Low Not required Partial Partial Partial
The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software.
638 CVE-2021-38428 79 Exec Code XSS 2021-11-03 2021-11-05
3.5
None Remote Medium ??? None Partial None
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.
639 CVE-2021-38424 1236 2021-11-03 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
The tag interface of Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to an attacker injecting formulas into the tag data. Those formulas may then be executed when it is opened with a spreadsheet application.
640 CVE-2021-38422 312 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
Delta Electronics DIALink versions 1.2.4.0 and prior store sensitive information in cleartext, which may allow an attacker to have extensive access to the application directory and escalate privileges.
641 CVE-2021-38420 276 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
Delta Electronics DIALink versions 1.2.4.0 and prior default permissions give extensive permissions to low-privileged user accounts, which may allow an attacker to modify the installation directory and upload malicious files.
642 CVE-2021-38418 319 2021-11-03 2021-11-05
4.3
None Remote Medium Not required Partial None None
Delta Electronics DIALink versions 1.2.4.0 and prior run by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
643 CVE-2021-38416 427 2021-11-03 2021-11-05
4.4
None Local Medium Not required Partial Partial Partial
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely load libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.
644 CVE-2021-38411 79 Exec Code XSS 2021-11-03 2021-11-05
3.5
None Remote Medium ??? None Partial None
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.
645 CVE-2021-38407 79 Exec Code XSS 2021-11-03 2021-11-05
3.5
None Remote Medium ??? None Partial None
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.
646 CVE-2021-38403 79 Exec Code XSS 2021-11-03 2021-11-05
3.5
None Remote Medium ??? None Partial None
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.
647 CVE-2021-38378 668 2021-11-22 2021-11-23
4.0
None Remote Low ??? Partial None None
OX App Suite 7.10.5 allows Information Exposure because a caching mechanism can cause a Modified By response to show a person's name.
648 CVE-2021-38377 79 XSS 2021-11-22 2021-11-23
4.3
None Remote Medium Not required None Partial None
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within truncated e-mail, because there is a predictable UUID with HTML transformation results.
649 CVE-2021-38376 668 2021-11-22 2021-11-23
5.0
None Remote Low Not required Partial None None
OX App Suite through 7.10.5 has Incorrect Access Control for retrieval of session information via the rampup action of the login API call.
650 CVE-2021-38375 79 XSS 2021-11-22 2021-11-23
4.3
None Remote Medium Not required None Partial None
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.
Total number of vulnerabilities: 1511 (page 13 of 31).