CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2021

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1351 CVE-2021-0152 347 DoS 2021-11-17 2021-11-23
2.1
None Local Low Not required None None Partial
Improper verification of cryptographic signature in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
1352 CVE-2021-0151 863 2021-11-17 2021-11-22
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the installer for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
1353 CVE-2021-0148 532 2021-11-17 2021-11-22
2.1
None Local Low Not required Partial None None
Insertion of information into log file in firmware for some Intel(R) SSD DC may allow a privileged user to potentially enable information disclosure via local access.
1354 CVE-2021-0146 2021-11-17 2022-05-03
4.6
None Local Low Not required Partial Partial Partial
Hardware allows activation of test or debug logic at runtime for some Intel(R) processors which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
1355 CVE-2021-0135 20 2021-11-17 2021-11-22
4.6
None Local Low Not required Partial Partial Partial
Improper input validation in the Intel(R) Ethernet Diagnostic Driver for Windows before version 1.4.0.10 may allow a privileged user to potentially enable escalation of privilege via local access.
1356 CVE-2021-0121 269 2021-11-17 2021-11-19
4.6
None Local Low Not required Partial Partial Partial
Improper access control in the installer for some Intel(R) Iris(R) Xe MAX Dedicated Graphics Drivers for Windows 10 before version 27.20.100.9466 may allow authenticated user to potentially enable escalation of privilege via local access.
1357 CVE-2021-0120 665 DoS 2021-11-17 2021-11-22
2.1
None Local Low Not required None None Partial
Improper initialization in the installer for some Intel(R) Graphics DCH Drivers for Windows 10 before version 27.20.100.9316 may allow an authenticated user to potentially enable denial of service via local access.
1358 CVE-2021-0110 863 DoS 2021-11-17 2021-11-19
2.1
None Local Low Not required None None Partial
Improper access control in some Intel(R) Thunderbolt(TM) Windows DCH Drivers before version 1.41.1054.0 may allow unauthenticated user to potentially enable denial of service via local access.
1359 CVE-2021-0096 287 2021-11-17 2021-11-19
4.6
None Local Low Not required Partial Partial Partial
Improper authentication in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN, NUC7i7DN before version 1.78.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
1360 CVE-2021-0082 427 2021-11-17 2021-11-23
4.4
None Local Medium Not required Partial Partial Partial
Uncontrolled search path in software installer for Intel(R) PROSet/Wireless WiFi in Windows 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
1361 CVE-2021-0079 20 DoS 2021-11-17 2021-11-19
6.1
None Local Network Low Not required None None Complete
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
1362 CVE-2021-0078 20 DoS 2021-11-17 2021-11-19
6.8
None Local Network Low Not required Partial None Complete
Improper input validation in software for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.
1363 CVE-2021-0075 787 DoS 2021-11-17 2021-11-21
2.1
None Local Low Not required None None Partial
Out-of-bounds write in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow a privileged user to potentially enable denial of service via local access.
1364 CVE-2021-0071 20 2021-11-17 2021-11-21
5.8
None Local Network Low Not required Partial Partial Partial
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
1365 CVE-2021-0069 20 DoS 2021-11-17 2021-11-21
3.3
None Local Network Low Not required None None Partial
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and some Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
1366 CVE-2021-0065 276 2021-11-17 2021-11-21
4.6
None Local Low Not required Partial Partial Partial
Incorrect default permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
1367 CVE-2021-0064 732 2021-11-17 2022-05-03
4.6
None Local Low Not required Partial Partial Partial
Insecure inherited permissions in the Intel(R) PROSet/Wireless WiFi software installer for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.
1368 CVE-2021-0063 20 DoS 2021-11-17 2021-11-19
6.1
None Local Network Low Not required None None Complete
Improper input validation in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
1369 CVE-2021-0053 665 2021-11-17 2021-11-19
2.7
None Local Network Low ??? Partial None None
Improper initialization in firmware for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi in Windows 10 may allow an authenticated user to potentially enable information disclosure via adjacent access.
1370 CVE-2021-0013 20 DoS 2021-11-17 2021-11-19
5.0
None Remote Low Not required None None Partial
Improper input validation for Intel(R) EMA before version 1.5.0 may allow an unauthenticated user to potentially enable denial of service via network access.
1371 CVE-2020-36505 352 CSRF 2021-11-01 2021-11-03
4.3
None Remote Medium Not required None Partial None
The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a logged in admin delete all comments from the blog.
1372 CVE-2020-36504 352 CSRF 2021-11-01 2021-11-03
4.3
None Remote Medium Not required None Partial None
The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check in place when deleting a quiz, which could allow an attacker to make a logged in admin delete arbitrary quiz on the blog
1373 CVE-2020-36503 1236 2021-11-01 2021-11-03
6.0
None Remote Medium ??? Partial Partial Partial
The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue
1374 CVE-2020-35249 79 Exec Code XSS 2021-11-02 2021-11-03
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows attackers to execute arbitrary code via the name parameter to the add client feature.
1375 CVE-2020-28702 89 Sql 2021-11-01 2021-11-08
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information.
1376 CVE-2020-28419 94 Exec Code 2021-11-09 2021-11-24
6.8
None Remote Medium Not required Partial Partial Partial
During installation with certain driver software or application packages an arbitrary code execution could occur.
1377 CVE-2020-28416 Exec Code 2021-11-03 2021-11-15
4.6
None Local Low Not required Partial Partial Partial
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.
1378 CVE-2020-28137 352 DoS CSRF 2021-11-10 2021-11-13
7.1
None Remote Medium Not required None None Complete
Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.
1379 CVE-2020-27820 416 2021-11-03 2021-11-04
4.7
None Local Medium Not required None None Complete
A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if "unbind" the driver).
1380 CVE-2020-27406 79 Exec Code XSS 2021-11-02 2021-11-03
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authenticated attackers to execute arbitrary code via the groupname.
1381 CVE-2020-25368 77 Exec Code 2021-11-04 2021-11-08
7.5
None Remote Low Not required Partial Partial Partial
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the PrivateLogin field to Login.
1382 CVE-2020-25367 77 Exec Code 2021-11-04 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices with firmware V1.0.2B05. An attacker is able to execute arbitrary web scripts via shell metacharacters in the Captcha field to Login.
1383 CVE-2020-25366 862 DoS 2021-11-04 2021-11-06
8.5
None Remote Low Not required None Partial Complete
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors.
1384 CVE-2020-24743 +Priv 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
1385 CVE-2020-24000 89 Exec Code Sql 2021-11-03 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php.
1386 CVE-2020-23906 345 DoS 2021-11-10 2021-11-16
4.3
None Remote Medium Not required None None Partial
FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
1387 CVE-2020-23904 787 DoS Overflow 2021-11-10 2022-04-18
4.3
None Remote Medium Not required None None Partial
** DISPUTED ** A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program."
1388 CVE-2020-23903 369 DoS 2021-11-10 2022-04-05
4.3
None Remote Medium Not required None None Partial
A Divide by Zero vulnerability in the function static int read_samples of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file.
1389 CVE-2020-23902 120 DoS Overflow 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address may be used as a return value starting at Editor!TMethodImplementationIntercept+0x528a3.
1390 CVE-2020-23901 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
1391 CVE-2020-23900 120 DoS Overflow 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file. Related to Data from Faulting Address controls Code Flow starting at Editor!TMethodImplementationIntercept+0x57a3b.
1392 CVE-2020-23899 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
1393 CVE-2020-23898 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
1394 CVE-2020-23897 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tga file.
1395 CVE-2020-23896 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
1396 CVE-2020-23895 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
1397 CVE-2020-23894 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
1398 CVE-2020-23893 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
1399 CVE-2020-23891 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted tiff file.
1400 CVE-2020-23890 120 DoS Overflow 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted JPG file. Related to Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at JPGCodec+0x753648.
Total number of vulnerabilities: 1511. Page 28 of 31.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.