# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2021-44429 | 120 | | DoS | 2021-11-29 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
2 | CVE-2021-44428 | 120 | | DoS | 2021-11-29 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
3 | CVE-2021-44427 | 89 | | Sql | 2021-11-29 | 2021-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter. |
4 | CVE-2021-44230 | 732 | | | 2021-11-30 | 2021-12-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files. |
5 | CVE-2021-44225 | 668 | | Bypass | 2021-11-26 | 2022-03-31 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property |
6 | CVE-2021-44223 | | | Exec Code | 2021-11-25 | 2021-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. |
7 | CVE-2021-44219 | | | | 2021-11-24 | 2021-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Gin-Vue-Admin before 2.4.6 mishandles a SQL database. |
8 | CVE-2021-44203 | 79 | | XSS | 2021-11-29 | 2021-11-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
9 | CVE-2021-44202 | 79 | | XSS | 2021-11-29 | 2021-11-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
10 | CVE-2021-44201 | 79 | | XSS | 2021-11-29 | 2021-11-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
11 | CVE-2021-44200 | 79 | | XSS | 2021-11-29 | 2021-11-30 | 3.5 | None | Remote | Medium | ??? | None | Partial | None
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
12 | CVE-2021-44198 | 427 | | | 2021-11-29 | 2021-11-30 | 4.4 | None | Local | Medium | Not required | Partial | Partial | Partial
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035 |
13 | CVE-2021-44150 | 327 | | | 2021-11-22 | 2021-11-26 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. |
14 | CVE-2021-44147 | 611 | | | 2021-11-22 | 2021-11-23 | 4.3 | None | Remote | Medium | Not required | Partial | None | None
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. |
15 | CVE-2021-44144 | 125 | | | 2021-11-22 | 2021-11-24 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial
Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. |
16 | CVE-2021-44143 | 787 | | Exec Code Overflow | 2021-11-22 | 2021-12-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. |
17 | CVE-2021-44140 | 276 | | | 2021-11-24 | 2021-11-29 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.
18 | CVE-2021-44094 | 434 | | Exec Code | 2021-11-28 | 2021-11-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function, which could execute any JAR file.
19 | CVE-2021-44093 | 434 | | Exec Code Bypass | 2021-11-28 | 2021-11-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
A remote command execution vulnerability in the back end of zrlog 2.2.2, in the avatar upload function, makes it possible to bypass the original limit and upload a JSP file to get a web shell.
20 | CVE-2021-44079 | 77 | | Exec Code | 2021-11-22 | 2021-12-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. |
21 | CVE-2021-44077 | 287 | | Exec Code | 2021-11-29 | 2022-03-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration. |
22 | CVE-2021-44038 | 269 | | | 2021-11-19 | 2021-11-26 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. |
23 | CVE-2021-44037 | 640 | | | 2021-11-19 | 2021-11-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. |
24 | CVE-2021-44036 | 352 | | CSRF | 2021-11-19 | 2021-11-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. |
25 | CVE-2021-44033 | 307 | | Bypass | 2021-11-19 | 2021-11-23 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. |
26 | CVE-2021-44026 | 89 | | Sql | 2021-11-19 | 2021-12-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |
27 | CVE-2021-44025 | 79 | | XSS | 2021-11-19 | 2021-12-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. |
28 | CVE-2021-43998 | 732 | | | 2021-11-30 | 2022-01-07 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0. |
29 | CVE-2021-43997 | | | | 2021-11-17 | 2021-11-23 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2. |
30 | CVE-2021-43996 | | | | 2021-11-17 | 2021-11-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control. |
31 | CVE-2021-43979 | 755 | | Bypass | 2021-11-17 | 2021-11-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None
** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent. |
32 | CVE-2021-43977 | 79 | | XSS | 2021-11-17 | 2021-11-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. |
33 | CVE-2021-43976 | | | DoS | 2021-11-17 | 2022-04-06 | 2.1 | None | Local | Low | Not required | None | None | Partial
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). |
34 | CVE-2021-43975 | 787 | | | 2021-11-17 | 2022-04-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. |
35 | CVE-2021-43790 | 416 | | Mem. Corr. | 2021-11-30 | 2021-12-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading. |
36 | CVE-2021-43788 | 22 | | Dir. Trav. | 2021-11-29 | 2021-11-30 | 4.0 | None | Remote | Low | ??? | Partial | None | None
NodeBB is an open source Node.js based forum software. Prior to v1.18.5, a path traversal vulnerability was present that allowed users to access JSON files outside of the expected `languages/` directory. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
37 | CVE-2021-43787 | 79 | | XSS | 2021-11-29 | 2021-11-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
NodeBB is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. JavaScript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
38 | CVE-2021-43786 | 287 | | | 2021-11-29 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None
NodeBB is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible.
39 | CVE-2021-43785 | 79 | | Exec Code XSS | 2021-11-26 | 2021-11-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
@joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. |
40 | CVE-2021-43783 | 22 | | Dir. Trav. | 2021-11-29 | 2021-12-01 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situations also be exploited through user input when executing a template, meaning that write access to the templates is not needed. This method will not allow the attacker to control the contents of the injected file, however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.
41 | CVE-2021-43780 | 918 | | | 2021-11-24 | 2021-11-30 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial
Redash is a package for data visualization and sharing. In versions 10.0 and prior, the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making HTTP requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one's configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update, an admin may modify Redash's configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY` variables.
42 | CVE-2021-43778 | 22 | | Dir. Trav. | 2021-11-24 | 2021-12-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file. |
43 | CVE-2021-43777 | 601 | | CSRF | 2021-11-24 | 2021-11-30 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability. |
44 | CVE-2021-43776 | 79 | | XSS | 2021-11-26 | 2021-11-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`.
45 | CVE-2021-43775 | 22 | | Dir. Trav. | 2021-11-23 | 2022-05-16 | 5.0 | None | Remote | Low | Not required | Partial | None | None
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code or configuration and critical system files. The vulnerability is resolved in Aim v3.1.0.
46 | CVE-2021-43771 | 863 | | Exec Code | 2021-11-30 | 2021-11-30 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control privilege escalation vulnerability that could allow an attacker to establish a connection that could lead to full local privilege escalation within the application. Please note that an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
47 | CVE-2021-43698 | 79 | | XSS | 2021-11-29 | 2021-12-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. Because the message contains $_GET['query'], there is an XSS vulnerability.
48 | CVE-2021-43697 | 79 | | XSS | 2021-11-29 | 2021-12-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. Because the message contains $_GET[C('VAR_JSONP_HANDLER')], there is an XSS vulnerability.
49 | CVE-2021-43696 | 79 | | XSS | 2021-11-29 | 2021-12-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. Because the message contains $_REQUEST, there is an XSS vulnerability.
50 | CVE-2021-43695 | 79 | | XSS | 2021-11-29 | 2021-12-01 | 4.3 | None | Remote | Medium | Not required | None | Partial | None
issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. Because the message contains $_REQUEST without sanitization, there is an XSS vulnerability.