CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
701 CVE-2021-37036 200 +Info 2021-11-23 2021-11-24
2.1
None Local Low Not required Partial None None
There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improper storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak.
702 CVE-2021-37035 2021-11-23 2021-12-09
5.0
None Remote Low Not required None None Partial
There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
703 CVE-2021-37034 2021-11-23 2021-12-09
5.0
None Remote Low Not required Partial None None
There is an Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
704 CVE-2021-37033 74 2021-11-23 2021-12-09
5.0
None Remote Low Not required None None Partial
There is an Injection attack vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
705 CVE-2021-37032 Bypass 2021-11-23 2021-12-09
5.0
None Remote Low Not required None None Partial
There is a Bypass vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause Digital Balance to fail to work.
706 CVE-2021-37031 2021-11-23 2021-12-09
5.0
None Remote Low Not required None None Partial
There is a Remote DoS vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the app to exit unexpectedly.
707 CVE-2021-37030 276 2021-11-23 2021-12-09
5.0
None Remote Low Not required None None Partial
There is an Improper permission vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
708 CVE-2021-37029 2021-11-23 2021-12-09
5.0
None Remote Low Not required None None Partial
There is an Identity verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
709 CVE-2021-37026 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
710 CVE-2021-37025 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
711 CVE-2021-37024 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
712 CVE-2021-37023 22 Dir. Trav. 2021-11-23 2022-05-03
6.4
None Remote Low Not required Partial Partial None
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause media files which can be read and written in non-distributed directories on any device on the network.
713 CVE-2021-37022 787 Overflow 2021-11-23 2021-11-29
10.0
None Remote Low Not required Complete Complete Complete
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause root permission which can be escalated.
714 CVE-2021-37019 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
715 CVE-2021-37018 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
716 CVE-2021-37017 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
717 CVE-2021-37016 125 DoS 2021-11-23 2021-11-29
8.5
None Remote Low Not required Partial None Complete
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service.
718 CVE-2021-37015 125 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
719 CVE-2021-37013 20 2021-11-23 2021-11-29
5.0
None Remote Low Not required None None Partial
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the availability of users to be affected.
720 CVE-2021-37012 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is a Data Processing Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
721 CVE-2021-37010 200 +Info 2021-11-23 2021-11-29
5.0
None Remote Low Not required Partial None None
There is an Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected.
722 CVE-2021-37009 2021-11-23 2021-11-29
5.0
None Remote Low Not required Partial None None
There is a Configuration vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected.
723 CVE-2021-37008 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
724 CVE-2021-37007 125 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Out-of-bounds Read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
725 CVE-2021-37006 281 2021-11-23 2021-11-29
5.0
None Remote Low Not required Partial None None
There is an Improper Preservation of Permissions vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause the confidentiality of users to be affected.
726 CVE-2021-37005 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
727 CVE-2021-37004 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
728 CVE-2021-37003 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None None Complete
There is an Improper Input Validation vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability will cause a kernel crash.
729 CVE-2021-36957 269 2021-11-10 2021-11-10
4.6
None Local Low Not required Partial Partial Partial
Windows Desktop Bridge Elevation of Privilege Vulnerability
730 CVE-2021-36925 DoS Exec Code 2021-11-02 2021-11-08
7.2
None Local Low Not required Complete Complete Complete
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve an arbitrary read or write operation from/to physical memory (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
731 CVE-2021-36924 400 DoS Exec Code Overflow 2021-11-02 2021-11-08
7.2
None Local Low Not required Complete Complete Complete
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve a pool overflow (leading to Escalation of Privileges, Denial of Service, and Code Execution) via a crafted Device IO Control packet to a device.
732 CVE-2021-36923 269 DoS Exec Code 2021-11-02 2021-11-08
7.2
None Local Low Not required Complete Complete Complete
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions (leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
733 CVE-2021-36922 269 DoS Exec Code 2021-11-02 2021-11-08
7.2
None Local Low Not required Complete Complete Complete
RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB devices (Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosure) via a crafted Device IO Control packet to a device.
734 CVE-2021-36919 79 XSS 2021-11-26 2021-12-02
3.5
None Remote Medium ??? None Partial None
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee).
735 CVE-2021-36917 668 2021-11-24 2021-11-27
5.0
None Remote Low Not required None None Partial
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user. It is possible to retrieve a reset token which can then be used to deactivate the plugin.
736 CVE-2021-36916 89 Sql 2021-11-24 2021-11-26
7.5
None Remote Low Not required Partial Partial Partial
The SQL injection vulnerability in the Hide My WP WordPress plugin (versions <= 6.2.3) is possible because of how the IP address is retrieved and used inside a SQL query. The function "hmwp_get_user_ip" tries to retrieve the IP address from multiple headers, including IP address headers that the user can spoof, such as "X-Forwarded-For." As a result, the malicious payload supplied in one of these IP address headers will be directly inserted into the SQL query, making SQL injection possible.
737 CVE-2021-36909 863 2021-11-18 2021-11-19
5.5
None Remote Low ??? None Partial Partial
Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover.
738 CVE-2021-36908 352 CSRF 2021-11-18 2021-11-19
6.8
None Remote Medium Not required Partial Partial Partial
Cross-Site Request Forgery (CSRF) vulnerability leading to Database Reset in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows attackers to trick authenticated users into making an unintentional database reset.
739 CVE-2021-36884 79 XSS 2021-11-19 2022-01-04
3.5
None Remote Medium ??? None Partial None
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup Migration plugin <= 1.1.5 versions.
740 CVE-2021-36843 79 XSS 2021-11-26 2021-11-26
3.5
None Remote Medium ??? None Partial None
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating Social Media Icon plugin (versions <= 4.3.5) Social Media Configuration form. Requires high role user like admin.
741 CVE-2021-36807 89 Exec Code Sql 2021-11-26 2021-11-30
6.5
None Remote Low ??? Partial Partial Partial
An authenticated user could potentially execute code via an SQLi vulnerability in the user portal of SG UTM before version 9.708 MR8.
742 CVE-2021-36794 2021-11-02 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
In Siren Investigate before 11.1.4, when enabling the cluster feature of the Siren Alert application, TLS verifications are disabled globally in the Siren Investigate main process.
743 CVE-2021-36698 79 XSS 2021-11-03 2021-11-04
3.5
None Remote Medium ??? None Partial None
Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name.
744 CVE-2021-36697 74 Exec Code 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
With an admin account, the .htaccess file in Artica Pandora FMS <=755 can be overwritten with the File Manager component. The new .htaccess file contains a Rewrite Rule with a type definition. A normal PHP file can be uploaded with this new "file type" and the code can be executed with an HTTP request.
745 CVE-2021-36560 287 Bypass 2021-11-02 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin.
746 CVE-2021-36372 273 2021-11-19 2021-11-20
7.5
None Remote Low Not required Partial Partial Partial
In Apache Ozone versions prior to 1.2.0, initially generated block tokens are persisted to the metadata database and can be retrieved by authenticated users with permission to the key. Authenticated users may use them even after access is revoked.
747 CVE-2021-36340 532 2021-11-20 2021-11-23
2.1
None Local Low Not required Partial None None
Dell EMC SCG 5.00.00.10 and earlier contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.
748 CVE-2021-36335 20 2021-11-23 2021-11-27
6.5
None Remote Low ??? Partial Partial Partial
Dell EMC CloudLink 7.1 and all prior versions contain an Improper Input Validation Vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, leading to execution of arbitrary files on the server.
749 CVE-2021-36334 1236 Exec Code 2021-11-23 2021-11-27
6.0
None Remote Medium ??? Partial Partial Partial
Dell EMC CloudLink 7.1 and all prior versions contain a CSV formula Injection Vulnerability. A remote high privileged attacker may potentially exploit this vulnerability, leading to arbitrary code execution on the end user machine.
750 CVE-2021-36333 120 Overflow 2021-11-23 2021-11-27
2.1
None Local Low Not required None None Partial
Dell EMC CloudLink 7.1 and all prior versions contain a Buffer Overflow Vulnerability. A local low privileged attacker may potentially exploit this vulnerability, leading to an application crash.
Total number of vulnerabilities: 1511 (page 15 of 31)