CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2020-15940 79 XSS 2021-11-02 2021-11-04
3.5
None Remote Medium ??? None Partial None
An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server.
1452 CVE-2020-15935 312 2021-11-02 2021-11-04
4.0
None Remote Low ??? Partial None None
A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.
1453 CVE-2020-14424 79 XSS 2021-11-14 2021-11-16
4.3
None Remote Medium Not required None Partial None
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
1454 CVE-2020-12964 269 DoS +Info 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
A potential privilege escalation/denial of service issue exists in the AMD Radeon Kernel Mode driver Escape 0x2000c00 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck or write to leak information.
1455 CVE-2020-12963 763 2021-11-15 2021-11-18
7.2
None Local Low Not required Complete Complete Complete
An insufficient pointer validation vulnerability in the AMD Graphics Driver for Windows may allow unprivileged users to compromise the system.
1456 CVE-2020-12962 269 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
Escape call interface in the AMD Graphics Driver for Windows may cause privilege escalation.
1457 CVE-2020-12961 Bypass 2021-11-16 2021-11-19
4.6
None Local Low Not required Partial Partial Partial
A potential vulnerability exists in AMD Platform Security Processor (PSP) that may allow an attacker to zero any privileged register on the System Management Network which may lead to bypassing SPI ROM protections.
1458 CVE-2020-12960 20 DoS 2021-11-15 2021-11-17
2.1
None Local Low Not required None None Partial
AMD Graphics Driver for Windows 10, amdfender.sys may improperly handle input validation on InputBuffer which may result in a denial of service (DoS).
1459 CVE-2020-12954 863 Bypass 2021-11-16 2021-11-18
2.1
None Local Low Not required None Partial None
A side effect of an integrated chipset option may be able to be used by an attacker to bypass SPI ROM protections, allowing unauthorized SPI ROM modification.
1460 CVE-2020-12951 362 2021-11-16 2022-05-12
4.4
None Local Medium Not required Partial Partial Partial
Race condition in ASP firmware could allow less privileged x86 code to perform ASP SMM (System Management Mode) operations.
1461 CVE-2020-12946 77 DoS 2021-11-16 2022-05-12
6.6
None Local Low Not required None Complete Complete
Insufficient input validation in ASP firmware for discrete TPM commands could allow a potential loss of integrity and denial of service.
1462 CVE-2020-12944 20 Exec Code 2021-11-16 2022-05-11
4.6
None Local Low Not required Partial Partial Partial
Insufficient validation of BIOS image length by ASP Firmware could lead to arbitrary code execution.
1463 CVE-2020-12929 20 Exec Code Bypass 2021-11-15 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
Improper parameters validation in some trusted applications of the PSP contained in the AMD Graphics Driver may allow a local attacker to bypass security restrictions and achieve arbitrary code execution .
1464 CVE-2020-12920 DoS 2021-11-15 2021-11-18
2.1
None Local Low Not required None None Partial
A potential denial of service issue exists in the AMD Display driver Escape 0x130007 Call handler. An attacker with low privilege could potentially induce a Windows BugCheck.
1465 CVE-2020-12905 125 2021-11-15 2021-11-18
2.1
None Local Low Not required Partial None None
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004403 may lead to arbitrary information disclosure.
1466 CVE-2020-12904 125 2021-11-15 2021-11-18
2.1
None Local Low Not required Partial None None
Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3004203 may lead to arbitrary information disclosure.
1467 CVE-2020-12903 787 DoS 2021-11-15 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service.
1468 CVE-2020-12902 269 DoS 2021-11-15 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
1469 CVE-2020-12901 416 Bypass 2021-11-15 2021-11-17
2.1
None Local Low Not required Partial None None
Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or information disclosure.
1470 CVE-2020-12900 269 DoS +Priv 2021-11-15 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
An arbitrary write vulnerability in the AMD Radeon Graphics Driver for Windows 10 potentially allows unprivileged users to gain Escalation of Privileges and cause Denial of Service.
1471 CVE-2020-12899 200 DoS Bypass +Info 2021-11-15 2021-11-17
3.6
None Local Low Not required Partial None Partial
Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR bypass or denial of service.
1472 CVE-2020-12898 787 DoS Overflow 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service.
1473 CVE-2020-12897 200 Bypass +Info 2021-11-15 2021-11-17
2.1
None Local Low Not required Partial None None
Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 may lead to KASLR bypass.
1474 CVE-2020-12895 787 DoS Overflow 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service.
1475 CVE-2020-12894 787 DoS 2021-11-15 2021-11-17
3.6
None Local Low Not required None Partial Partial
Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service.
1476 CVE-2020-12893 787 DoS Overflow 2021-11-15 2021-11-17
4.6
None Local Low Not required Partial Partial Partial
Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service.
1477 CVE-2020-12892 426 Exec Code 2021-11-15 2021-11-18
4.4
None Local Medium Not required Partial Partial Partial
An untrusted search path in AMD Radeon settings Installer may lead to a privilege escalation or unauthorized code execution.
1478 CVE-2020-12814 79 Exec Code XSS 2021-11-02 2021-11-03
3.5
None Remote Medium ??? None Partial None
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.
1479 CVE-2020-12488 668 2021-11-10 2021-11-15
2.1
None Local Low Not required Partial None None
The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission.
1480 CVE-2020-10054 2021-11-09 2021-11-11
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service.
1481 CVE-2020-10053 312 2021-11-09 2021-11-11
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as database credentials in configuration files. A local attacker with access to the configuration files could use this information to launch further attacks.
1482 CVE-2020-10052 532 2021-11-09 2021-11-11
2.1
None Local Low Not required Partial None None
A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application writes sensitive data, such as usernames and passwords in log files. A local attacker with access to the log files could use this information to launch further attacks.
1483 CVE-2020-8741 276 2021-11-17 2021-11-19
4.6
None Local Low Not required Partial Partial Partial
Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions, for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
1484 CVE-2020-7882 22 Dir. Trav. 2021-11-22 2021-11-26
6.4
None Remote Low Not required Partial Partial None
Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../')
1485 CVE-2020-7881 190 Exec Code Overflow 2021-11-26 2021-11-30
6.5
None Remote Low ??? Partial Partial Partial
The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length.
1486 CVE-2020-7880 20 2021-11-30 2021-12-01
9.3
None Remote Medium Not required Complete Complete Complete
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX.
1487 CVE-2020-7879 78 Exec Code 2021-11-30 2021-12-01
6.8
None Remote Medium Not required Partial Partial Partial
This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command.
1488 CVE-2020-6931 269 2021-11-03 2021-11-05
4.6
None Local Low Not required Partial Partial Partial
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
1489 CVE-2020-6492 416 2021-11-02 2021-11-03
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
1490 CVE-2020-5955 269 2021-11-03 2022-04-12
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.
1491 CVE-2020-4160 668 +Info 2021-11-08 2021-11-09
4.3
None Remote Medium Not required Partial None None
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.
1492 CVE-2020-4153 79 XSS 2021-11-08 2021-11-09
3.5
None Remote Medium ??? None Partial None
IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269.
1493 CVE-2020-4152 319 2021-11-08 2021-11-09
4.3
None Remote Medium Not required Partial None None
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.
1494 CVE-2020-4146 200 +Info 2021-11-12 2021-11-16
5.0
None Remote Low Not required Partial None None
IBM Security SiteProtector System 3.1.1 could allow a remote attacker to obtain sensitive information, caused by missing 'HttpOnly' flag. A remote attacker could exploit this vulnerability to obtain sensitive information. IBM X-Force ID: 174129.
1495 CVE-2020-4140 79 XSS 2021-11-12 2021-11-16
3.5
None Remote Medium ??? None Partial None
IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174052.
1496 CVE-2019-18916 269 2021-11-09 2021-11-15
4.6
None Local Low Not required Partial Partial Partial
A potential security vulnerability has been identified for HP LaserJet Solution Software (for certain HP LaserJet Printers) which may lead to unauthorized elevation of privilege on the client.
1497 CVE-2019-18914 79 XSS 2021-11-09 2021-11-15
4.3
None Remote Medium Not required None Partial None
A potential security vulnerability has been identified for certain HP printers and MFPs that would allow redirection page Cross-Site Scripting in a client’s browser by clicking on a third-party malicious link.
1498 CVE-2019-18912 2021-11-09 2021-11-11
4.6
None Local Low Not required Partial Partial Partial
A potential security vulnerability has been identified for certain HP printers and MFPs with Troy solutions. For affected printers with FutureSmart Firmware bundle version 4.9 or 4.9.0.1 the potential vulnerability may cause instability in the solution.
1499 CVE-2019-16240 120 Overflow 2021-11-09 2021-11-15
5.8
None Remote Medium Not required Partial None Partial
A Buffer Overflow and Information Disclosure issue exists in HP OfficeJet Pro Printers before 001.1937C, and HP PageWide Managed Printers and HP PageWide Pro Printers before 001.1937D exists; A maliciously crafted print file might cause certain HP Inkjet printers to assert. Under certain circumstances, the printer produces a core dump to a local device.
1500 CVE-2019-8922 787 Overflow 2021-11-29 2021-12-15
5.8
None Local Network Low Not required Partial Partial Partial
A heap-based buffer overflow was discovered in bluetoothd in BlueZ through 5.48. There isn't any check on whether there is enough space in the destination buffer. The function simply appends all data passed to it. The values of all attributes that are requested are appended to the output buffer. There are no size checks whatsoever, resulting in a simple heap overflow if one can craft a request where the response is large enough to overflow the preallocated buffer. This issue exists in service_attr_req gets called by process_request (in sdpd-request.c), which also allocates the response buffer.
Total number of vulnerabilities : 1511   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 (This Page)31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.