CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1401 CVE-2020-23889 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV starting at Editor!TMethodImplementationIntercept+0x4189c6 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted ico file.
1402 CVE-2020-23888 787 DoS 2021-11-10 2021-11-13
4.3
None Remote Medium Not required None None Partial
A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 of WildBit Viewer v6.6 allows attackers to cause a denial of service (DoS) via a crafted psd file.
1403 CVE-2020-23887 787 DoS Overflow 2021-11-10 2021-11-15
4.3
None Remote Medium Not required None None Partial
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33.
1404 CVE-2020-23886 787 DoS Overflow 2021-11-10 2021-11-15
4.3
None Remote Medium Not required None None Partial
XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service (DoS) via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree.
1405 CVE-2020-23884 120 DoS Overflow 2021-11-10 2021-11-12
4.3
None Remote Medium Not required None None Partial
A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial of service (DoS) via a crafted MNG file.
1406 CVE-2020-23879 476 2021-11-10 2021-11-12
5.0
None Remote Low Not required None None Partial
pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject.
1407 CVE-2020-23878 787 Overflow 2021-11-10 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch.
1408 CVE-2020-23877 787 Overflow 2021-11-10 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
pdf2xml v2.0 was discovered to contain a stack buffer overflow in the component getObjectStream.
1409 CVE-2020-23876 401 2021-11-10 2021-11-12
5.0
None Remote Low Not required None None Partial
pdf2xml v2.0 was discovered to contain a memory leak in the function TextPage::testLinkedText.
1410 CVE-2020-23874 787 Overflow 2021-11-10 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::addAttributsNode.
1411 CVE-2020-23873 787 Overflow 2021-11-10 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the function TextPage::dump.
1412 CVE-2020-23872 476 DoS 2021-11-10 2021-11-12
5.0
None Remote Low Not required None None Partial
A NULL pointer dereference in the function TextPage::restoreState of pdf2xml v2.0 allows attackers to cause a denial of service (DoS).
1413 CVE-2020-23754 79 Exec Code XSS 2021-11-02 2021-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.
1414 CVE-2020-23719 79 Exec Code XSS 2021-11-02 2021-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter.
1415 CVE-2020-23718 79 Exec Code XSS 2021-11-02 2021-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php.
1416 CVE-2020-23686 352 CSRF 2021-11-02 2021-11-08
6.8
None Remote Medium Not required Partial Partial Partial
Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows attackers to change an administrator's password or cause other unspecified impacts.
1417 CVE-2020-23685 89 Exec Code +Priv Sql 2021-11-02 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to execute arbitrary code and gain escalated privileges, via the username parameter to login.php.
1418 CVE-2020-23680 DoS 2021-11-03 2021-11-05
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1 that allows attackers to cause denial of service or possibly other undisclosed impacts.
1419 CVE-2020-23679 120 Exec Code Overflow 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1.0, allows attackers to execute arbitrary code, via the password field.
1420 CVE-2020-23572 434 Exec Code 2021-11-08 2021-11-13
6.8
None Remote Medium Not required Partial Partial Partial
BEESCMS v4.0 was discovered to contain an arbitrary file upload vulnerability via the component /admin/upload.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
1421 CVE-2020-23567 369 DoS 2021-11-05 2021-11-08
4.3
None Remote Medium Not required None None Partial
Irfanview v4.53 allows attackers to cause a denial of service (DoS) via a crafted JPEG 2000 file. Related to "Integer Divide By Zero starting at JPEG2000!ShowPlugInSaveOptions_W+0x00000000000082ea".
1422 CVE-2020-23566 835 2021-11-05 2021-11-08
4.3
None Remote Medium Not required None None Partial
Irfanview v4.53 was discovered to contain an infinite loop via JPEG2000!ShowPlugInSaveOptions_W+0x1ecd8.
1423 CVE-2020-23565 Exec Code 2021-11-05 2021-11-08
6.8
None Remote Medium Not required Partial Partial Partial
Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".
1424 CVE-2020-23126 79 XSS 2021-11-03 2021-11-04
4.3
None Remote Medium Not required None Partial None
Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends.
1425 CVE-2020-23109 120 DoS Overflow 2021-11-03 2021-11-05
5.8
None Remote Medium Not required Partial None Partial
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
1426 CVE-2020-22719 79 XSS 2021-11-22 2021-11-23
3.5
None Remote Medium ??? None Partial None
Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field.
1427 CVE-2020-22226 89 Sql 2021-11-05 2021-11-09
7.5
None Remote Low Not required Partial Partial Partial
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionSetAmount function.
1428 CVE-2020-22225 89 Sql 2021-11-05 2021-11-09
7.5
None Remote Low Not required Partial Partial Partial
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoadForm function.
1429 CVE-2020-22224 79 XSS 2021-11-05 2021-11-09
4.3
None Remote Medium Not required None Partial None
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionPreview function.
1430 CVE-2020-22223 89 Sql 2021-11-05 2021-11-09
7.5
None Remote Low Not required Partial Partial Partial
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a SQL injection vulnerability via the pjActionLoad function.
1431 CVE-2020-22222 79 XSS 2021-11-05 2021-11-09
4.3
None Remote Medium Not required None Partial None
Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the pjActionLoadCss function.
1432 CVE-2020-21639 79 XSS 2021-11-16 2021-11-18
4.3
None Remote Medium Not required None Partial None
Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
1433 CVE-2020-21627 DoS 2021-11-16 2021-11-18
5.0
None Remote Low Not required None None Partial
Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors.
1434 CVE-2020-21574 120 DoS Overflow 2021-11-02 2021-11-04
5.0
None Remote Low Not required None None Partial
Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows attackers to cause a denial of service via a long url request which is passed to the delimitedread function.
1435 CVE-2020-21573 400 DoS 2021-11-02 2021-11-04
4.3
None Remote Medium Not required None None Partial
An issue was discovered in abhijitnathwani image-processing v0.1.0 that allows local attackers to cause a denial of service via a crafted image file.
1436 CVE-2020-21572 120 DoS Overflow 2021-11-02 2021-11-04
5.0
None Remote Low Not required None None Partial
Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 in trgil gilcc before commit 803969389ca9c06237075a7f8eeb1a19e6651759 allows attackers to cause a denial of service.
1437 CVE-2020-21141 352 CSRF 2021-11-12 2021-11-16
6.8
None Remote Medium Not required Partial Partial Partial
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
1438 CVE-2020-21139 352 CSRF 2021-11-04 2021-11-05
4.3
None Remote Medium Not required None Partial None
EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add admin accounts via /admin.html?do=user&act=add.
1439 CVE-2020-20982 79 Exec Code +Priv XSS 2021-11-03 2021-11-04
6.8
None Remote Medium Not required Partial Partial Partial
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php.
1440 CVE-2020-20658 120 Overflow 2021-11-02 2021-11-03
5.0
None Remote Low Not required None None Partial
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5 allows attackers to cause a denial of service when trying to calloc an unexpectedly large space.
1441 CVE-2020-20657 120 DoS Overflow 2021-11-02 2021-11-03
5.0
None Remote Low Not required None None Partial
Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows attackers to cause a denial of service via an unexpected packet while trying to connect.
1442 CVE-2020-18440 120 Exec Code Overflow 2021-11-02 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow vulnerability in framework/init.php in qinggan phpok 5.1, allows attackers to execute arbitrary code.
1443 CVE-2020-18439 2021-11-02 2021-11-03
6.4
None Remote Low Not required Partial Partial None
An issue was discovered in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1 that allows attackers to write arbitrary files or get a shell.
1444 CVE-2020-18438 22 Dir. Trav. 2021-11-02 2021-11-03
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in qinggan phpok 5.1, allows attackers to disclose sensitive information, via the title parameter to admin.php.
1445 CVE-2020-18263 89 Sql 2021-11-03 2021-11-05
5.0
None Remote Low Not required Partial None None
PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information.
1446 CVE-2020-18262 89 Sql 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter.
1447 CVE-2020-18261 434 Exec Code 2021-11-03 2021-11-05
7.5
None Remote Low Not required Partial Partial Partial
An arbitrary file upload vulnerability in the image upload function of ED01-CMS v1.0 allows attackers to execute arbitrary commands.
1448 CVE-2020-18259 79 XSS 2021-11-03 2021-11-05
4.3
None Remote Medium Not required None Partial None
ED01-CMS v1.0 was discovered to contain a reflective cross-site scripting (XSS) vulnerability in the component sposts.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the Post title or Post content fields.
1449 CVE-2020-16152 829 Exec Code 2021-11-14 2021-11-18
10.0
None Remote Low Not required Complete Complete Complete
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file.
1450 CVE-2020-16048 125 2021-11-02 2021-11-04
4.3
None Remote Medium Not required Partial None None
Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page.
Total number of vulnerabilities: 1511 (page 29 of 31)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.