CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1201 CVE-2021-21686 59 2021-11-04 2021-11-08
5.8
None Remote Medium Not required Partial Partial None
File path filters in the agent-to-controller security subsystem of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier do not canonicalize paths, allowing operations to follow symbolic links to outside allowed directories.
1202 CVE-2021-21685 862 2021-11-04 2021-11-08
6.4
None Remote Low Not required Partial Partial None
Jenkins 2.318 and earlier, LTS 2.303.2 and earlier does not check agent-to-controller access to create parent directories in FilePath#mkdirs.
1203 CVE-2021-21561 532 +Priv 2021-11-23 2021-11-27
2.1
None Local Low Not required Partial None None
Dell PowerScale OneFS version 8.1.2 contains a sensitive information exposure vulnerability. This would allow a malicious user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files.
1204 CVE-2021-21528 2021-11-12 2021-11-17
5.0
None Remote Low Not required Partial None None
Dell EMC PowerScale OneFS versions 9.1.0, 9.2.0.x, 9.2.1.x contain an Exposure of Information through Directory Listing vulnerability. This vulnerability is triggered when upgrading from a previous versions.
1205 CVE-2021-20850 78 Exec Code 2021-11-24 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
PowerCMS XMLRPC API of PowerCMS 5.19 and earlier, PowerCMS 4.49 and earlier, PowerCMS 3.295 and earlier, and PowerCMS 2 Series (End-of-Life, EOL) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.
1206 CVE-2021-20848 79 XSS 2021-11-24 2021-11-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in rwtxt versions prior to v1.8.6 allows a remote attacker to inject an arbitrary script via unspecified vectors.
1207 CVE-2021-20846 352 CSRF 2021-11-24 2021-11-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Push Notifications for WordPress (Lite) versions prior to 6.0.1 allows a remote attacker to hijack the authentication of an administrator and conduct an arbitrary operation via a specially crafted web page.
1208 CVE-2021-20845 352 CSRF 2021-11-24 2021-11-27
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Unlimited Sitemap Generator versions prior to v8.2 allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operation via a specially crafted web page.
1209 CVE-2021-20844 116 +Info 2021-11-24 2021-11-30
3.5
None Remote Medium ??? Partial None None
Improper neutralization of HTTP request headers for scripting syntax vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to obtain sensitive information via a specially crafted web page.
1210 CVE-2021-20843 829 2021-11-24 2021-11-30
3.5
None Remote Medium ??? None Partial None
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.
1211 CVE-2021-20842 352 CSRF 2021-11-24 2021-11-27
4.3
None Remote Medium Not required None Partial None
Cross-site request forgery (CSRF) vulnerability in EC-CUBE 2 series 2.11.0 to 2.17.1 allows a remote attacker to hijack the authentication of Administrator and delete Administrator via a specially crafted web page.
1212 CVE-2021-20841 863 Bypass 2021-11-24 2021-11-27
4.0
None Remote Low ??? None Partial None
Improper access control in Management screen of EC-CUBE 2 series 2.11.2 to 2.17.1 allows a remote authenticated attacker to bypass access restriction and to alter System settings via unspecified vectors.
1213 CVE-2021-20840 79 XSS 2021-11-24 2021-11-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System versions prior to 1.5.11 allows a remote attacker to inject an arbitrary script via unspecified vectors.
1214 CVE-2021-20839 611 DoS 2021-11-01 2021-11-08
4.3
None Remote Medium Not required None None Partial
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition to the other servers by processing a specially crafted XML document.
1215 CVE-2021-20838 611 DoS 2021-11-01 2021-11-08
5.0
None Remote Low Not required None None Partial
Office Server Document Converter V7.2MR4 and earlier and V7.1MR7 and earlier allows a remote unauthenticated attacker to conduct an XML External Entity (XXE) attack to cause a denial of service (DoS) condition by processing a specially crafted XML document.
1216 CVE-2021-20835 862 2021-11-24 2022-05-03
5.0
None Remote Low Not required Partial None None
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari (Merpay) - Marketplace and Mobile Payments App' (Japan version) versions prior to 4.49.1 allows a remote attacker to lead a user to access an arbitrary website and the website launches an arbitrary Activity of the app via the vulnerable App, which may result in Mercari account's access token being obtained.
1217 CVE-2021-20707 20 2021-11-03 2022-04-29
5.0
None Remote Low Not required Partial None None
Improper input validation vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to read files upload via network..
1218 CVE-2021-20706 20 2021-11-03 2022-04-29
5.0
None Remote Low Not required None Partial None
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
1219 CVE-2021-20705 20 2021-11-03 2022-04-29
5.0
None Remote Low Not required None Partial None
Improper input validation vulnerability in the WebManager CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote file upload via network.
1220 CVE-2021-20704 120 Exec Code Overflow 2021-11-03 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in the compatible API with previous versions CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
1221 CVE-2021-20703 120 Exec Code Overflow 2021-11-03 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
1222 CVE-2021-20702 120 Exec Code Overflow 2021-11-03 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in the Transaction Server CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
1223 CVE-2021-20701 120 Exec Code Overflow 2021-11-03 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
1224 CVE-2021-20700 120 Exec Code Overflow 2021-11-03 2022-04-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in the Disk Agent CLUSTERPRO X 4.3 for Windows and earlier, EXPRESSCLUSTER X 4.3 for Windows and earlier, CLUSTERPRO X 4.3 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 4.3 SingleServerSafe for Windows and earlier allows attacker to remote code execution via a network.
1225 CVE-2021-20601 20 2021-11-23 2021-11-29
7.8
None Remote Low Not required None Complete None
Improper input validation vulnerability in GOT2000 series GT27 model all versions, GOT2000 series GT25 model all versions, GOT2000 series GT23 model all versions, GOT2000 series GT21 model all versions, GOT SIMPLE series GS21 model all versions, and GT SoftGOT2000 all versions allows an remote unauthenticated attacker to write a value that exceeds the configured input range limit by sending a malicious packet to rewrite the device value. As a result, the system operation may be affected, such as malfunction.
1226 CVE-2021-20136 863 Exec Code 2021-11-01 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability allowing database configuration overwrite. An unauthenticated remote attacker can send a specially crafted message to Log360 to change its backend database to an attacker-controlled database and to force Log360 to restart. An attacker can leverage this vulnerability to achieve remote code execution by replacing files executed by Log360 on startup.
1227 CVE-2021-20135 269 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
Nessus versions 8.15.2 and earlier were found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. Tenable has included a fix for this issue in Nessus 10.0.0. The installation files can be obtained from the Tenable Downloads Portal (https://www.tenable.com/downloads/nessus).
1228 CVE-2021-20119 863 Bypass 2021-11-09 2021-11-15
4.9
None Local Network Medium ??? Partial Partial Partial
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
1229 CVE-2021-4026 668 2021-11-30 2021-12-01
4.0
None Remote Low ??? Partial None None
bookstack is vulnerable to Improper Access Control
1230 CVE-2021-4020 79 XSS 2021-11-27 2021-11-30
3.5
None Remote Medium ??? None Partial None
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1231 CVE-2021-3976 352 CSRF 2021-11-19 2021-11-23
4.3
None Remote Medium Not required None Partial None
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
1232 CVE-2021-3974 416 2021-11-19 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
vim is vulnerable to Use After Free
1233 CVE-2021-3973 122 Overflow 2021-11-19 2022-03-29
9.3
None Remote Medium Not required Complete Complete Complete
vim is vulnerable to Heap-based Buffer Overflow
1234 CVE-2021-3968 122 Overflow 2021-11-19 2022-02-05
8.5
None Remote Medium ??? Complete Complete Complete
vim is vulnerable to Heap-based Buffer Overflow
1235 CVE-2021-3963 352 CSRF 2021-11-19 2021-11-23
4.3
None Remote Medium Not required None Partial None
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
1236 CVE-2021-3962 416 2021-11-19 2021-11-28
6.8
None Remote Medium Not required Partial Partial Partial
A flaw was found in ImageMagick where it did not properly sanitize certain input before using it to invoke convert processes. This flaw allows an attacker to create a specially crafted image that leads to a use-after-free vulnerability when processed by ImageMagick. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
1237 CVE-2021-3961 79 XSS 2021-11-19 2021-11-23
3.5
None Remote Medium ??? None Partial None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1238 CVE-2021-3958 89 Sql 2021-11-16 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
Due to improper sanitization iPack SCADA Automation software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system.
1239 CVE-2021-3957 352 CSRF 2021-11-19 2021-11-23
4.3
None Remote Medium Not required None Partial None
kimai2 is vulnerable to Cross-Site Request Forgery (CSRF)
1240 CVE-2021-3950 79 XSS 2021-11-19 2021-11-23
3.5
None Remote Medium ??? None Partial None
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1241 CVE-2021-3945 79 XSS 2021-11-13 2021-11-16
4.3
None Remote Medium Not required None Partial None
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1242 CVE-2021-3943 20 Exec Code 2021-11-22 2021-11-23
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A remote code execution risk when restoring backup files was identified.
1243 CVE-2021-3939 763 2021-11-17 2021-11-19
7.2
None Local Low Not required Complete Complete Complete
Ubuntu-specific modifications to accountsservice (in patch file debian/patches/0010-set-language.patch) caused the fallback_locale variable, pointing to static storage, to be freed, in the user_change_language_authorized_cb function. This is reachable via the SetLanguage dbus function. This is fixed in versions 0.6.55-0ubuntu12~20.04.5, 0.6.55-0ubuntu13.3, 0.6.55-0ubuntu14.1.
1244 CVE-2021-3938 79 XSS 2021-11-13 2021-11-16
3.5
None Remote Medium ??? None Partial None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1245 CVE-2021-3935 89 Sql 2021-11-22 2022-03-16
5.1
None Remote High Not required Partial Partial Partial
When PgBouncer is configured to use "cert" authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
1246 CVE-2021-3934 78 2021-11-12 2021-12-08
5.1
None Remote High Not required Partial Partial Partial
ohmyzsh is vulnerable to Improper Neutralization of Special Elements used in an OS Command
1247 CVE-2021-3932 352 CSRF 2021-11-13 2021-11-16
4.3
None Remote Medium Not required None Partial None
twill is vulnerable to Cross-Site Request Forgery (CSRF)
1248 CVE-2021-3931 352 CSRF 2021-11-13 2021-11-16
4.3
None Remote Medium Not required None Partial None
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
1249 CVE-2021-3928 457 2021-11-05 2022-03-29
4.6
None Local Low Not required Partial Partial Partial
vim is vulnerable to Use of Uninitialized Variable
1250 CVE-2021-3927 122 Overflow 2021-11-05 2022-03-29
6.8
None Remote Medium Not required Partial Partial Partial
vim is vulnerable to Heap-based Buffer Overflow
Total number of vulnerabilities : 1511   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 (This Page)26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.