CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2021 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44429 120 DoS 2021-11-29 2021-11-30
5.0
None Remote Low Not required None None Partial
Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
2 CVE-2021-44428 120 DoS 2021-11-29 2021-11-30
5.0
None Remote Low Not required None None Partial
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
3 CVE-2021-44427 89 Sql 2021-11-29 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
4 CVE-2021-44225 668 Bypass 2021-11-26 2022-03-31
5.5
None Remote Low ??? Partial Partial None
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
5 CVE-2021-44223 Exec Code 2021-11-25 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
6 CVE-2021-44219 2021-11-24 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
7 CVE-2021-44144 125 2021-11-22 2021-11-24
6.4
None Remote Low Not required Partial None Partial
Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
8 CVE-2021-44143 787 Exec Code Overflow 2021-11-22 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
9 CVE-2021-44140 276 2021-11-24 2021-11-29
6.4
None Remote Low Not required None Partial Partial
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.
10 CVE-2021-44094 434 Exec Code 2021-11-28 2021-11-29
6.8
None Remote Medium Not required Partial Partial Partial
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
11 CVE-2021-44093 434 Exec Code Bypass 2021-11-28 2021-11-29
7.5
None Remote Low Not required Partial Partial Partial
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
12 CVE-2021-44079 77 Exec Code 2021-11-22 2021-12-14
7.5
None Remote Low Not required Partial Partial Partial
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
13 CVE-2021-44077 287 Exec Code 2021-11-29 2022-03-29
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
14 CVE-2021-44038 269 2021-11-19 2021-11-26
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
15 CVE-2021-44037 640 2021-11-19 2021-11-22
5.0
None Remote Low Not required None Partial None
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
16 CVE-2021-44036 352 CSRF 2021-11-19 2021-11-22
6.8
None Remote Medium Not required Partial Partial Partial
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.
17 CVE-2021-44026 89 Sql 2021-11-19 2021-12-16
7.5
None Remote Low Not required Partial Partial Partial
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.
18 CVE-2021-43998 732 2021-11-30 2022-01-07
5.5
None Remote Low ??? Partial Partial None
HashiCorp Vault and Vault Enterprise 0.11.0 up to 1.7.5 and 1.8.4 templated ACL policies would always match the first-created entity alias if multiple entity aliases exist for a specified entity and mount combination, potentially resulting in incorrect policy enforcement. Fixed in Vault and Vault Enterprise 1.7.6, 1.8.5, and 1.9.0.
19 CVE-2021-43997 2021-11-17 2021-11-23
7.2
None Local Low Not required Complete Complete Complete
Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2.
20 CVE-2021-43996 2021-11-17 2021-11-19
7.5
None Remote Low Not required Partial Partial Partial
The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control.
21 CVE-2021-43979 755 Bypass 2021-11-17 2021-11-22
5.0
None Remote Low Not required None Partial None
** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent.
22 CVE-2021-43790 416 Mem. Corr. 2021-11-30 2021-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of `lucet-runtime` affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this bug, and dependent on the memory backing for the Instance objects, it is possible to trigger a use-after-free when the Instance is dropped. Users should upgrade to the main branch of the Lucet repository. Lucet no longer provides versioned releases on crates.io. There is no way to remediate this vulnerability without upgrading.
23 CVE-2021-43786 287 2021-11-29 2021-11-30
5.0
None Remote Low Not required Partial None None
Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible.
24 CVE-2021-43783 22 Dir. Trav. 2021-11-29 2021-12-01
5.5
None Remote Low ??? None Partial Partial
@backstage/plugin-scaffolder-backend is the backend for the default Backstage software templates. In affected versions a malicious actor with write access to a registered scaffolder template is able to manipulate the template in a way that writes files to arbitrary paths on the scaffolder-backend host instance. This vulnerability can in some situation also be exploited through user input when executing a template, meaning you do not need write access to the templates. This method will not allow the attacker to control the contents of the injected file however, unless the template is also crafted in a specific way that gives control of the file contents. This vulnerability is fixed in version `0.15.14` of the `@backstage/plugin-scaffolder-backend`. This attack is mitigated by restricting access and requiring reviews when registering or modifying scaffolder templates.
25 CVE-2021-43780 918 2021-11-24 2021-11-30
6.0
None Remote Medium ??? Partial Partial Partial
Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one's configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update an admin may modify Redash's configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY `variables.
26 CVE-2021-43778 22 Dir. Trav. 2021-11-24 2021-12-01
5.0
None Remote Low Not required Partial None None
Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file.
27 CVE-2021-43777 601 CSRF 2021-11-24 2021-11-30
5.8
None Remote Medium Not required Partial Partial None
Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability.
28 CVE-2021-43775 22 Dir. Trav. 2021-11-23 2022-05-16
5.0
None Remote Low Not required Partial None None
Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)� sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0.
29 CVE-2021-43693 File Inclusion 2021-11-29 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.
30 CVE-2021-43691 22 Dir. Trav. 2021-11-29 2021-12-01
7.5
None Remote Low Not required Partial Partial Partial
tripexpress v1.1 is affected by a path manipulation vulnerability in file system/helpers/dompdf/load_font.php. The variable src is coming from $_SERVER["argv"] then there is a path manipulation vulnerability.
31 CVE-2021-43669 444 2021-11-18 2021-11-23
5.0
None Remote Low Not required None None Partial
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric.
32 CVE-2021-43667 476 2021-11-18 2021-11-23
5.0
None Remote Low Not required None None Partial
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.
33 CVE-2021-43620 2021-11-15 2021-11-18
5.0
None Remote Low Not required None Partial None
An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first '\0' byte, which might not be the end of the string.
34 CVE-2021-43618 190 Overflow 2021-11-15 2021-12-16
5.0
None Remote Low Not required None None Partial
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
35 CVE-2021-43617 434 2021-11-14 2021-11-18
7.5
None Remote Low Not required Partial Partial Partial
Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOTE: this CVE Record is for Laravel Framework, and is unrelated to any reports concerning incorrectly written user applications for image upload.
36 CVE-2021-43616 345 2021-11-13 2022-03-25
7.5
None Remote Low Not required Partial Partial Partial
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.
37 CVE-2021-43611 404 2021-11-12 2021-11-16
5.0
None Remote Low Not required None None Partial
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via " \ " in the display name of a From header.
38 CVE-2021-43610 444 2021-11-12 2021-11-16
5.0
None Remote Low Not required None None Partial
Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056.
39 CVE-2021-43582 416 Exec Code 2021-11-22 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process.
40 CVE-2021-43581 125 Exec Code 2021-11-22 2021-11-26
6.8
None Remote Medium Not required Partial Partial Partial
An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
41 CVE-2021-43578 693 2021-11-12 2021-11-17
5.5
None Remote Low ??? None Partial Partial
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string.
42 CVE-2021-43577 611 2021-11-12 2021-11-17
5.5
None Remote Low ??? Partial Partial None
Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
43 CVE-2021-43573 120 Overflow 2021-11-11 2021-12-21
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame.
44 CVE-2021-43572 347 2021-11-09 2022-03-24
7.5
None Remote Low Not required Partial Partial Partial
The verify function in the Stark Bank Python ECDSA library (aka starkbank-escada or ecdsa-python) before 2.0.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
45 CVE-2021-43571 347 2021-11-09 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
46 CVE-2021-43570 347 2021-11-09 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
47 CVE-2021-43569 347 2021-11-09 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
48 CVE-2021-43568 347 2021-11-09 2021-11-12
7.5
None Remote Low Not required Partial Partial Partial
The verify function in the Stark Bank Elixir ECDSA library (ecdsa-elixir) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
49 CVE-2021-43564 200 +Info 2021-11-10 2021-11-16
5.0
None Remote Low Not required Partial None None
An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf).
50 CVE-2021-43563 287 2021-11-10 2021-11-16
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in the pixxio (aka pixx.io integration or DAM) extension before 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated attacker to perform requests to the pixx.io API for the configured API user. This allows an attacker to download various media files from the DAM system.
Total number of vulnerabilities : 833   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.