| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
51 |
CVE-2021-40751 |
119 |
|
Exec Code Overflow Mem. Corr. |
2021-11-18 |
2022-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Adobe After Effects version 18.4 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .m4a file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required in that the victim must open a specially crafted file to exploit this vulnerability. |
|
52 |
CVE-2021-40733 |
119 |
|
Exec Code Overflow Mem. Corr. |
2021-11-18 |
2022-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Adobe Animate version 21.0.9 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious .psd file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. |
|
53 |
CVE-2021-40521 |
|
|
Exec Code |
2021-11-10 |
2021-11-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Airangel HSMX Gateway devices through 5.2.04 allow Remote Code Execution. |
|
54 |
CVE-2021-40348 |
94 |
|
Exec Code |
2021-11-01 |
2021-12-04 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Spacewalk 2.10, and derivatives such as Uyuni 2021.08, allows code injection. rhn-config-satellite.pl doesn't sanitize the configuration filename used to append Spacewalk-specific key-value pair. The script is intended to be run by the tomcat user account with Sudo, according to the installation setup. This can lead to the ability of an attacker to use --option to append arbitrary code to a root-owned file that eventually will be executed by the system. This is fixed in Uyuni spacewalk-admin 4.3.2-1. |
|
55 |
CVE-2021-40120 |
20 |
|
Exec Code |
2021-11-04 |
2021-11-06 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system and execute them using root-level privileges. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as a user with root-level privileges. |
|
56 |
CVE-2021-40119 |
798 |
|
|
2021-11-04 |
2021-11-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. |
|
57 |
CVE-2021-39474 |
78 |
|
Exec Code |
2021-11-10 |
2021-11-16 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device. |
|
58 |
CVE-2021-38873 |
74 |
|
Exec Code |
2021-11-24 |
2021-11-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
IBM Planning Analytics 2.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 208396. |
|
59 |
CVE-2021-37158 |
78 |
|
|
2021-11-10 |
2021-11-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. An authenticated attacker could inject OS commands by starting a Counter-Strike server and using the map field to enter a Bash command. |
|
60 |
CVE-2021-37157 |
312 |
|
|
2021-11-10 |
2021-11-12 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An issue was discovered in OpenGamePanel OGP-Agent-Linux through 2021-08-14. $HOME/OGP/Cfg/Config.pm has the root password in cleartext. |
|
61 |
CVE-2021-37102 |
77 |
|
|
2021-11-23 |
2021-11-26 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
There is a command injection vulnerability in CMA service module of FusionCompute product when processing the default certificate file. The software constructs part of a command using external special input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands to the system. Affected product versions include: FusionCompute 6.0.0, 6.3.0, 6.3.1, 6.5.0, 6.5.1, 8.0.0. |
|
62 |
CVE-2021-37022 |
787 |
|
Overflow |
2021-11-23 |
2021-11-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
There is a Heap-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause root permission which can be escalated. |
|
63 |
CVE-2021-37016 |
125 |
|
DoS |
2021-11-23 |
2021-11-29 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
There is a Out-of-bounds Read vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause Information Disclosure or Denial of Service. |
|
64 |
CVE-2021-36313 |
78 |
|
Exec Code |
2021-11-23 |
2021-11-24 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity. |
|
65 |
CVE-2021-36312 |
259 |
|
+Priv |
2021-11-23 |
2021-11-24 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Dell EMC CloudLink 7.1 and all prior versions contain a Hard-coded Password Vulnerability. A remote high privileged attacker, with the knowledge of the hard-coded credentials, may potentially exploit this vulnerability to gain unauthorized access to the system. |
|
66 |
CVE-2021-36308 |
287 |
|
Bypass |
2021-11-20 |
2022-04-25 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. |
|
67 |
CVE-2021-36307 |
269 |
|
+Priv |
2021-11-20 |
2021-11-23 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege escalation vulnerability. A malicious low privileged user with specific access to the API could potentially exploit this vulnerability to gain admin privileges on the affected system. |
|
68 |
CVE-2021-36306 |
287 |
|
Bypass |
2021-11-20 |
2021-11-23 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to gain access and perform actions on the affected system. |
|
69 |
CVE-2021-35534 |
863 |
|
Bypass |
2021-11-18 |
2021-11-23 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Insufficient security control vulnerability in internal database access mechanism of Hitachi Energy Relion 670/650/SAM600-IO, Relion 650, GMS600, PWC600 allows attacker who successfully exploited this vulnerability, of which the product does not sufficiently restrict access to an internal database tables, could allow anybody with user credentials to bypass security controls that is enforced by the product. Consequently, exploitation may lead to unauthorized modifications on data/firmware, and/or to permanently disabling the product. This issue affects: Hitachi Energy Relion 670 Series 2.0 all revisions; 2.2.2 all revisions; 2.2.3 versions prior to 2.2.3.5. Hitachi Energy Relion 670/650 Series 2.1 all revisions. 2.2.0 all revisions; 2.2.4 all revisions; Hitachi Energy Relion 670/650/SAM600-IO 2.2.1 all revisions; 2.2.5 versions prior to 2.2.5.2. Hitachi Energy Relion 650 1.0 all revisions. 1.1 all revisions; 1.2 all revisions; 1.3 versions prior to 1.3.0.8; Hitachi Energy GMS600 1.3.0; 1.3.0.1; 1.2.0. Hitachi Energy PWC600 1.0.1 version 1.0.1.4 and prior versions; 1.1.0 version 1.1.0.1 and prior versions. |
|
70 |
CVE-2021-34991 |
787 |
|
Exec Code |
2021-11-15 |
2021-11-17 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6400v2 1.0.4.106_10.0.80 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. When parsing the uuid request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-14110. |
|
71 |
CVE-2021-34594 |
22 |
|
Dir. Trav. |
2021-11-04 |
2021-11-06 |
8.5 |
None |
Remote |
Low |
??? |
None |
Complete |
Complete |
|
TwinCAT OPC UA Server in TF6100 and TS6100 in product versions before 4.3.48.0 or with TcOpcUaServer versions below 3.2.0.194 are prone to a relative path traversal that allow administrators to create or delete any files on the system. |
|
72 |
CVE-2021-34417 |
20 |
|
|
2021-11-11 |
2021-11-16 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This could lead to remote command injection by a web portal administrator. |
|
73 |
CVE-2021-30321 |
120 |
|
Overflow |
2021-11-12 |
2021-11-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity |
|
74 |
CVE-2021-29212 |
22 |
|
Dir. Trav. |
2021-11-01 |
2021-12-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A remote unauthenticated directory traversal security vulnerability has been identified in HPE iLO Amplifier Pack versions 1.80, 1.81, 1.90 and 1.95. The vulnerability could be remotely exploited to allow an unauthenticated user to run arbitrary code leading complete impact to confidentiality, integrity, and availability of the iLO Amplifier Pack appliance. |
|
75 |
CVE-2021-26614 |
|
|
Exec Code |
2021-11-22 |
2021-11-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
ius_get.cgi in IpTime C200 camera allows remote code execution. A remote attacker may send a crafted parameters to the exposed vulnerable web service interface which invokes the arbitrary shell command. |
|
76 |
CVE-2021-25877 |
732 |
|
|
2021-11-01 |
2021-11-08 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged user is able to write files on filesystem using flag and code variables in file save.php. |
|
77 |
CVE-2021-23732 |
78 |
|
Exec Code |
2021-11-22 |
2022-03-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system. |
|
78 |
CVE-2021-3973 |
122 |
|
Overflow |
2021-11-19 |
2022-03-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
vim is vulnerable to Heap-based Buffer Overflow |
|
79 |
CVE-2021-3968 |
122 |
|
Overflow |
2021-11-19 |
2022-02-05 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
vim is vulnerable to Heap-based Buffer Overflow |
|
80 |
CVE-2021-3769 |
78 |
|
|
2021-11-30 |
2021-12-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
# Vulnerability in `pygmalion`, `pygmalion-virtualenv` and `refined` themes **Description**: these themes use `print -P` on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability can be exploited. **Fixed in**: [b3ba9978](https://github.com/ohmyzsh/ohmyzsh/commit/b3ba9978). **Impacted areas**: - `pygmalion` theme. - `pygmalion-virtualenv` theme. - `refined` theme. |
|
81 |
CVE-2021-3723 |
78 |
|
Exec Code |
2021-11-12 |
2021-11-17 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
A command injection vulnerability was reported in the Integrated Management Module (IMM) of legacy IBM System x 3550 M3 and IBM System x 3650 M3 servers that could allow the execution of operating system commands over an authenticated SSH or Telnet session. |
|
82 |
CVE-2021-3705 |
863 |
|
|
2021-11-01 |
2021-11-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device. |
|
83 |
CVE-2021-3064 |
787 |
|
Exec Code Mem. Corr. |
2021-11-10 |
2021-11-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A memory corruption vulnerability exists in Palo Alto Networks GlobalProtect portal and gateway interfaces that enables an unauthenticated network-based attacker to disrupt system processes and potentially execute arbitrary code with root privileges. The attacker must have network access to the GlobalProtect interface to exploit this issue. This issue impacts PAN-OS 8.1 versions earlier than PAN-OS 8.1.17. Prisma Access customers are not impacted by this issue. |
|
84 |
CVE-2021-3061 |
78 |
|
Exec Code |
2021-11-10 |
2021-11-15 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An OS command injection vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables an authenticated administrator with access to the CLI to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers that have Prisma Access 2.1 firewalls are impacted by this issue. |
|
85 |
CVE-2021-3060 |
78 |
|
Exec Code |
2021-11-10 |
2021-11-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An OS command injection vulnerability in the Simple Certificate Enrollment Protocol (SCEP) feature of PAN-OS software allows an unauthenticated network-based attacker with specific knowledge of the firewall configuration to execute arbitrary code with root user privileges. The attacker must have network access to the GlobalProtect interfaces to exploit this issue. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. Prisma Access customers with Prisma Access 2.1 Preferred and Prisma Access 2.1 Innovation firewalls are impacted by this issue. |
|
86 |
CVE-2021-3058 |
78 |
|
Exec Code |
2021-11-10 |
2021-11-15 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
An OS command injection vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated administrator with permissions to use XML API the ability to execute arbitrary OS commands to escalate privileges. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20-h1; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14-h3; PAN-OS 9.1 versions earlier than PAN-OS 9.1.11-h2; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 10.1 versions earlier than PAN-OS 10.1.3. This issue does not impact Prisma Access firewalls. |
|
87 |
CVE-2021-3056 |
787 |
|
Exec Code Mem. Corr. |
2021-11-10 |
2021-11-15 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
A memory corruption vulnerability in Palo Alto Networks PAN-OS GlobalProtect Clientless VPN enables an authenticated attacker to execute arbitrary code with root user privileges during SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.20; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.1. Prisma Access customers with Prisma Access 2.1 Preferred firewalls are impacted by this issue. |
|
88 |
CVE-2021-1975 |
787 |
|
Overflow |
2021-11-12 |
2021-11-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables |
|
89 |
CVE-2020-25366 |
862 |
|
DoS |
2021-11-04 |
2021-11-06 |
8.5 |
None |
Remote |
Low |
Not required |
None |
Partial |
Complete |
|
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attackers to cause a denial of service (DoS) via unspecified vectors. |
|
90 |
CVE-2020-16152 |
829 |
|
Exec Code |
2021-11-14 |
2021-11-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and IQ Engine through 10.0r8a allows attackers to execute PHP code as the root user via remote HTTP requests that insert this code into a log file and then traverse to that file. |
|
91 |
CVE-2020-7880 |
20 |
|
|
2021-11-30 |
2021-12-01 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. |
