| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 251 | CVE-2021-42545 | 613 | | | 2021-11-30 | 2021-12-06 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | An insufficient session expiration vulnerability exists in Business-DNA Solutions GmbH's TopEase® Platform Version <= 7.1.27, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions. |
| 252 | CVE-2021-42544 | 307 | | +Priv | 2021-11-30 | 2021-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Missing rate limiting on the login form of web applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version <= 7.1.27 allows an unauthenticated remote attacker to perform multiple login attempts, which facilitates gaining privileges. |
| 253 | CVE-2021-42543 | 242 | | Exec Code | 2021-11-05 | 2021-11-08 | 7.5 | None | Remote | Medium | Single | Partial | Partial | Complete | The affected application uses specific functions that could be abused through a crafted project file, which could lead to code execution, system reboot, and system shutdown. |
| 254 | CVE-2021-42525 | 125 | | Bypass | 2021-11-18 | 2021-11-19 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
| 255 | CVE-2021-42524 | 787 | | Exec Code | 2021-11-18 | 2021-11-19 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Adobe Animate version 21.0.9 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file. |
| 256 | CVE-2021-42386 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function. |
| 257 | CVE-2021-42385 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. |
| 258 | CVE-2021-42384 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function. |
| 259 | CVE-2021-42383 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function. |
| 260 | CVE-2021-42382 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function. |
| 261 | CVE-2021-42381 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function. |
| 262 | CVE-2021-42380 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function. |
| 263 | CVE-2021-42379 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function. |
| 264 | CVE-2021-42378 | 416 | | DoS Exec Code | 2021-11-15 | 2022-01-04 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | A use-after-free in BusyBox's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function. |
| 265 | CVE-2021-42377 | 763 | | DoS Exec Code | 2021-11-15 | 2022-03-31 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An attacker-controlled pointer free in BusyBox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. |
| 266 | CVE-2021-42376 | 476 | | DoS | 2021-11-15 | 2022-03-31 | 1.9 | None | Local | Medium | Not required | None | None | Partial | A NULL pointer dereference in BusyBox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. |
| 267 | CVE-2021-42375 | | | DoS | 2021-11-15 | 2022-03-31 | 1.9 | None | Local | Medium | Not required | None | None | Partial | Incorrect handling of a special element in BusyBox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input. |
| 268 | CVE-2021-42374 | 125 | | DoS +Info | 2021-11-15 | 2022-03-31 | 3.3 | None | Local | Medium | Not required | Partial | None | Partial | An out-of-bounds heap read in BusyBox's unlzma applet leads to information leak and denial of service when crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that […] |
| 269 | CVE-2021-42373 | 476 | | DoS | 2021-11-15 | 2022-03-31 | 2.1 | None | Local | Low | Not required | None | None | Partial | A NULL pointer dereference in BusyBox's man applet leads to denial of service when a section name is supplied but no page argument is given. |
| 270 | CVE-2021-42372 | 78 | | Exec Code | 2021-11-08 | 2022-04-22 | 9.0 | None | Remote | Low | Single | Complete | Complete | Complete | A shell command injection in the HW Events SNMP community in XoruX LPAR2RRD and STOR2RRD before 7.30 allows authenticated remote attackers to execute arbitrary shell commands as the user running the service. |
| 271 | CVE-2021-42371 | 922 | | | 2021-11-08 | 2022-04-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | lpar2rrd is a hardcoded system account in XoruX LPAR2RRD and STOR2RRD before 7.30. |
| 272 | CVE-2021-42370 | 312 | | | 2021-11-08 | 2022-04-22 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | A password mismanagement situation exists in XoruX LPAR2RRD and STOR2RRD before 7.30 because cleartext information is present in HTML password input fields in the device properties. (Viewing the passwords requires configuring a web browser to display the contents of HTML password input fields.) |
| 273 | CVE-2021-42365 | 79 | | XSS | 2021-11-29 | 2021-12-01 | 2.1 | None | Remote | High | Single | None | Partial | None | The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping of the name parameter in the ~/admin/tables/admin-structure-table.php file, which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. |
| 274 | CVE-2021-42364 | 352 | | CSRF | 2021-11-29 | 2021-12-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The Stetic WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the stats_page function in the ~/stetic.php file, which makes it possible for attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. |
| 275 | CVE-2021-42363 | 79 | | XSS | 2021-11-19 | 2021-11-19 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter in the ~/views/form.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8. |
| 276 | CVE-2021-42362 | 434 | | Exec Code | 2021-11-17 | 2021-12-21 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | The WordPress Popular Posts WordPress plugin is vulnerable to arbitrary file uploads due to insufficient input file type validation in the ~/src/Image.php file, which makes it possible for attackers with contributor-level access and above to upload malicious files that can be used to obtain remote code execution, in versions up to and including 5.3.2. |
| 277 | CVE-2021-42361 | 79 | | XSS | 2021-11-17 | 2021-11-18 | 2.1 | None | Remote | High | Single | None | Partial | None | The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping of the name parameter in the ~/trunk/cp-admin-int-list.inc.php file, which allows attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. |
| 278 | CVE-2021-42360 | 79 | | XSS | 2021-11-17 | 2021-11-19 | 3.5 | None | Remote | Medium | Single | None | Partial | None | On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, then overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process, the url parameter pointed to the remotely hosted malicious block, and an id parameter naming the post or page to overwrite. Any post or page built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then execute in the browser of any visitor to that page. |
| 279 | CVE-2021-42359 | 862 | | | 2021-11-05 | 2021-11-09 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, 'admin-dismiss-unsubscribe', which lacked both a capability check and a nonce check, was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, an attacker could permanently delete an arbitrary post or page on the site by sending an AJAX request with the "action" parameter set to "admin-dismiss-unsubscribe" and the "id" parameter set to the post to be deleted. The first such request moved the post to the trash; repeating it permanently deleted the post. |
| 280 | CVE-2021-42358 | 352 | | CSRF | 2021-11-29 | 2021-12-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ~/cfwc-form.php file during contact form submission, which makes it possible for attackers to inject arbitrary web scripts, in versions up to and including 1.6.2. |
| 281 | CVE-2021-42338 | 287 | | Exec Code Bypass | 2021-11-19 | 2021-11-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The login page of 4MOSAn GCB Doctor improperly validates a cookie, which allows an unauthenticated remote attacker to bypass authentication by injecting code into the cookie, and then to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files. |
| 282 | CVE-2021-42337 | 285 | | Bypass +Info | 2021-11-16 | 2021-11-17 | 4.0 | None | Remote | Low | Single | Partial | None | None | The permission control of the AIFU cashier management salary query function can be bypassed: after obtaining a general user's permission, a remote attacker can access account information (except passwords) by crafting URL parameters. |
| 283 | CVE-2021-42323 | 668 | | | 2021-11-10 | 2021-11-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | Azure RTOS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-26444, CVE-2021-42301. |
| 284 | CVE-2021-42322 | 269 | | | 2021-11-10 | 2021-11-15 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Visual Studio Code Elevation of Privilege Vulnerability. |
| 285 | CVE-2021-42321 | | | Exec Code | 2021-11-10 | 2022-03-29 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | Microsoft Exchange Server Remote Code Execution Vulnerability. |
| 286 | CVE-2021-42319 | 269 | | | 2021-11-10 | 2021-11-15 | 2.1 | None | Local | Low | Not required | None | None | Partial | Visual Studio Elevation of Privilege Vulnerability. |
| 287 | CVE-2021-42316 | | | Exec Code | 2021-11-10 | 2021-11-15 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. |
| 288 | CVE-2021-42308 | 290 | | | 2021-11-24 | 2021-11-30 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Microsoft Edge (Chromium-based) Spoofing Vulnerability. |
| 289 | CVE-2021-42306 | 668 | | | 2021-11-24 | 2021-11-29 | 4.0 | None | Remote | Low | Single | Partial | None | None | Azure Active Directory Information Disclosure Vulnerability. |
| 290 | CVE-2021-42305 | | | | 2021-11-10 | 2021-11-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Microsoft Exchange Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-41349. |
| 291 | CVE-2021-42304 | 269 | | | 2021-11-10 | 2021-11-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42302, CVE-2021-42303. |
| 292 | CVE-2021-42303 | 269 | | | 2021-11-10 | 2021-11-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42302, CVE-2021-42304. |
| 293 | CVE-2021-42302 | 269 | | | 2021-11-10 | 2021-11-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Azure RTOS Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42303, CVE-2021-42304. |
| 294 | CVE-2021-42301 | 668 | | | 2021-11-10 | 2021-11-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | Azure RTOS Information Disclosure Vulnerability. This CVE ID is unique from CVE-2021-26444, CVE-2021-42323. |
| 295 | CVE-2021-42300 | | | | 2021-11-10 | 2021-11-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Azure Sphere Tampering Vulnerability. |
| 296 | CVE-2021-42298 | 94 | | Exec Code | 2021-11-10 | 2021-11-17 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Defender Remote Code Execution Vulnerability. |
| 297 | CVE-2021-42297 | 59 | | | 2021-11-24 | 2021-11-29 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Windows 10 Update Assistant Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-43211. |
| 298 | CVE-2021-42296 | 94 | | Exec Code | 2021-11-10 | 2021-11-13 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Microsoft Word Remote Code Execution Vulnerability. |
| 299 | CVE-2021-42292 | 863 | | Bypass | 2021-11-10 | 2021-11-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Microsoft Excel Security Feature Bypass Vulnerability. |
| 300 | CVE-2021-42291 | 269 | | | 2021-11-10 | 2022-05-23 | 6.5 | None | Remote | Low | Single | Partial | Partial | Partial | Active Directory Domain Services Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287. |
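Rows 251 and 252 (CVE-2021-42545 and CVE-2021-42544) describe two weaknesses on the same login path: sessions that never expire and a login form that accepts unlimited attempts. The Python below is an added example, not TopEase code, showing how one authentication service closes both: a sliding-window failure counter keyed by account and by source address that is consulted before the password is even checked, and sessions with an idle and an absolute lifetime that are revoked server-side on logout and rotated on privilege change. The limits, timeouts, the single user record and PBKDF2 password storage are illustrative assumptions.

```python
"""Login throttling (CWE-307) and bounded session lifetime (CWE-613).

Added example, not TopEase code. Limits, timeouts and the user store are
illustrative assumptions; the patterns are what matter.
"""
import hashlib
import hmac
import os
import secrets
from collections import defaultdict, deque
from dataclasses import dataclass, field

MAX_FAILURES = 5             # failures tolerated per key inside WINDOW (assumed policy)
WINDOW = 15 * 60             # seconds the failure counter looks back
IDLE_TIMEOUT = 30 * 60       # session dies after this much inactivity
ABSOLUTE_TIMEOUT = 8 * 3600  # ...and unconditionally after this long


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    role: str


@dataclass
class AuthService:
    users: dict                                   # username -> (salt, pbkdf2 hash, role)
    failures: dict = field(default_factory=lambda: defaultdict(deque))
    sessions: dict = field(default_factory=dict)  # opaque token -> Session

    def _too_many_failures(self, key: str, now: float) -> bool:
        q = self.failures[key]
        while q and now - q[0] > WINDOW:          # drop stale entries: sliding window
            q.popleft()
        return len(q) >= MAX_FAILURES

    def login(self, username: str, password: str, ip: str, now: float):
        """Returns ("ok", token) or (reason, None). The throttle is checked before
        the password so a locked key cannot be brute-forced to completion."""
        keys = (f"user:{username}", f"ip:{ip}")
        if any(self._too_many_failures(k, now) for k in keys):
            return "throttled", None
        record = self.users.get(username)
        # Unknown users are compared against a dummy hash so timing does not
        # reveal which usernames exist.
        salt, stored, role = record if record else (b"\x00" * 16, b"\x00" * 32, None)
        if record is None or not hmac.compare_digest(hash_password(password, salt), stored):
            for k in keys:
                self.failures[k].append(now)
            return "bad_credentials", None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(username, now, now, role)
        return "ok", token

    def validate(self, token: str, now: float):
        """Returns the Session if still valid, otherwise None (and forgets it)."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if now - s.created > ABSOLUTE_TIMEOUT or now - s.last_seen > IDLE_TIMEOUT:
            del self.sessions[token]              # expiry is enforced server-side, not by a cookie attribute
            return None
        s.last_seen = now
        return s

    def logout(self, token: str) -> None:
        self.sessions.pop(token, None)            # a stolen token is useless once revoked here

    def rotate(self, token: str, now: float):
        """Issue a fresh token (e.g. after a privilege change); the old one stops working."""
        s = self.validate(token, now)
        if s is None:
            return None
        del self.sessions[token]
        new = secrets.token_urlsafe(32)
        self.sessions[new] = s
        return new


def make_service() -> AuthService:
    """Constructed demo user store: one admin account."""
    salt = os.urandom(16)
    return AuthService(users={"alice": (salt, hash_password("correct horse", salt), "admin")})
```

Keying the counter by account as well as by address matters: an attacker rotating through proxies still hits the per-account limit, and a single address hammering many accounts still hits the per-address limit. The absolute timeout is what addresses row 251 directly; an idle timeout alone keeps a session alive for as long as the attacker keeps using it.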
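Row 270 (CVE-2021-42372) is a shell command injection through an SNMP community string. The page does not say how LPAR2RRD builds its command line, so the Python below is an added example, not the vendor's code: it assumes the common pattern of interpolating the community into an snmpwalk invocation that is then run through a shell, and puts the hardened form next to it (allow-list validation plus an argv list that never touches a shell). The snmpwalk binary, OID and allow-list are assumptions; snmpwalk does not need to be installed for the injected command to execute, which is exactly the point.

```python
"""Shell command injection via an SNMP community string (CWE-78) and its fix.

Added example, not LPAR2RRD/STOR2RRD code. The snmpwalk command line, OID and
allow-lists are assumptions chosen to illustrate the pattern.
"""
import re
import subprocess

# Community strings are opaque octets on the wire, but a conservative
# allow-list (assumed here) is what keeps shell metacharacters out.
COMMUNITY_RE = re.compile(r"[A-Za-z0-9_.\-]{1,64}")
HOST_RE = re.compile(r"[A-Za-z0-9.\-]{1,253}")
SYSTEM_OID = "1.3.6.1.2.1.1"


def vulnerable_command(host: str, community: str) -> str:
    """The injectable pattern: untrusted text concatenated into a shell string."""
    return f"snmpwalk -v2c -c {community} {host} {SYSTEM_OID}"


def run_vulnerable(host: str, community: str) -> str:
    """Runs the string through /bin/sh, so `;`, `|` and `$(...)` inside the
    community are parsed as shell syntax. Returns captured stdout."""
    proc = subprocess.run(vulnerable_command(host, community), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def safe_argv(host: str, community: str) -> list:
    """Hardened form: validate each field, then build an argv list so no shell
    ever parses the input. Raises ValueError for anything off the allow-list."""
    if not COMMUNITY_RE.fullmatch(community):
        raise ValueError("community string contains disallowed characters")
    if not HOST_RE.fullmatch(host):
        raise ValueError("host contains disallowed characters")
    return ["snmpwalk", "-v2c", "-c", community, host, SYSTEM_OID]


def run_safe(host: str, community: str) -> str:
    """Even without the allow-list, argv form would hand the whole community to
    snmpwalk as a single argument; with it, bad input never gets that far.
    Requires net-snmp to be installed."""
    proc = subprocess.run(safe_argv(host, community), capture_output=True, text=True)
    return proc.stdout
```

With a community of `public; echo INJECTED`, the vulnerable path runs `echo INJECTED` whether or not snmpwalk exists; the hardened path refuses the string before anything is executed. The argv list is the primary defence (there is no shell to inject into); the allow-list is defence in depth against the target binary's own option parsing.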
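Rows 274, 279 and 280 (CVE-2021-42364, CVE-2021-42359, CVE-2021-42358) are all state-changing handlers that accept a request without proving who sent it or why: a missing nonce in two of them, and in the DSGVO Tools case no capability check, no nonce, and no check that the `id` really names an unsubscription request. The Python below is an added example, not the code of any of these plugins. It stands in for WordPress's capability and nonce APIs with small analogues (`User.can`, `make_nonce`/`verify_nonce`, an HMAC over user, action and a time tick, which is the shape `wp_create_nonce` uses), and the `manage_options` capability, the post IDs and the post type name are constructed for the demo.

```python
"""Authorization, CSRF nonce and object-type checks on a state-changing AJAX
action (CWE-862 / CWE-352).

Added example, not WP DSGVO Tools code. WordPress APIs are replaced by small
Python analogues; capability name, posts and secret are constructed.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

SECRET = secrets.token_bytes(32)   # per-site secret (WordPress keeps this in its salts)
NONCE_LIFETIME = 12 * 3600         # a nonce is valid for the current and previous half-life tick


@dataclass
class User:
    id: int
    caps: set

    def can(self, cap: str) -> bool:
        return cap in self.caps


ANON = User(0, set())              # an unauthenticated request


def _nonce_for(user: User, action: str, tick: int) -> str:
    msg = f"{user.id}|{action}|{tick}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:16]


def make_nonce(user: User, action: str, now: float) -> str:
    """Nonce bound to the acting user, the specific action and a coarse time tick."""
    return _nonce_for(user, action, int(now // (NONCE_LIFETIME / 2)))


def verify_nonce(nonce: str, user: User, action: str, now: float) -> bool:
    tick = int(now // (NONCE_LIFETIME / 2))
    return any(hmac.compare_digest(nonce, _nonce_for(user, action, t)) for t in (tick, tick - 1))


@dataclass
class Post:
    id: int
    type: str
    status: str = "publish"


@dataclass
class Site:
    posts: dict = field(default_factory=dict)

    def trash_or_delete(self, post_id: int) -> str:
        post = self.posts.get(post_id)
        if post is None:
            return "not_found"
        if post.status != "trash":
            post.status = "trash"      # first request: to trash
            return "trashed"
        del self.posts[post_id]        # second request: gone for good
        return "deleted"

    def vulnerable_dismiss(self, params: dict, user: User) -> str:
        """The handler as row 279 describes it: acts on any id, for anyone."""
        return self.trash_or_delete(int(params["id"]))

    def hardened_dismiss(self, params: dict, user: User, now: float) -> str:
        if not user.can("manage_options"):                       # authorization (CWE-862)
            return "forbidden"
        if not verify_nonce(params.get("_wpnonce", ""), user,
                            "admin-dismiss-unsubscribe", now):   # CSRF protection (CWE-352)
            return "bad_nonce"
        raw_id = str(params.get("id", ""))
        if not raw_id.isdigit():
            return "bad_request"
        post = self.posts.get(int(raw_id))
        if post is None or post.type != "unsubscribe_request":  # confine to the action's own object type
            return "wrong_type"
        return self.trash_or_delete(post.id)


def demo_site() -> Site:
    """Constructed content: a published page and one unsubscription request."""
    return Site(posts={7: Post(7, "page"), 42: Post(42, "unsubscribe_request")})
```

The three checks are independent and all three are needed: a nonce without a capability check lets any logged-in subscriber act; a capability check without a nonce lets an attacker ride an administrator's browser; and without the type check an authorized, nonce-bearing administrator can still be tricked into trashing the homepage through an action that was only ever meant for unsubscription records.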
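Row 276 (CVE-2021-42362) is an arbitrary file upload traced to insufficient file type validation in an image handler. The page says nothing about what the check actually looked at, so the Python below is an added example rather than the plugin's code: it contrasts the classic failure (trusting the client's Content-Type and keeping the client's filename) with a decision made from the bytes themselves, an extension that must agree with the sniffed type, and a server-chosen stored name. The signature table, size cap and the PHP payload used as sample input are constructed for the demo.

```python
"""Server-side validation of an uploaded image (CWE-434).

Added example, not WordPress Popular Posts code. Signatures, size cap and the
sample payloads are constructed; the checks are a generic hardening pattern.
"""
import secrets
from typing import Optional

# Magic bytes -> canonical extension, for the raster formats the feature needs.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
MAX_BYTES = 5 * 1024 * 1024   # assumed size cap


def sniff_image_type(data: bytes) -> Optional[str]:
    """Extension for what the bytes actually are, or None if not a known image."""
    for sig, ext in MAGIC.items():
        if data.startswith(sig):
            return ext
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":
        return "webp"
    return None


def vulnerable_accept(filename: str, declared_mime: str) -> Optional[str]:
    """Trusts the client's Content-Type and stores under the client's name, so
    `shell.php` declared as image/png is saved as shell.php and served by PHP."""
    if not declared_mime.startswith("image/"):
        return None
    return filename


def hardened_accept(filename: str, declared_mime: str, data: bytes) -> Optional[str]:
    """Decide from the bytes; the client's MIME plays no part, its filename
    only has to agree with the sniffed type, and the stored name is ours."""
    if not data or len(data) > MAX_BYTES:
        return None
    ext = sniff_image_type(data)
    if ext is None:
        return None
    client_ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    allowed = {ext} | ({"jpeg"} if ext == "jpg" else set())
    if client_ext not in allowed:        # a GIF header glued to a .php name is a red flag
        return None
    return f"{secrets.token_hex(16)}.{ext}"   # random basename, extension from the sniffed type
```

A polyglot (`GIF89a<?php ...`) still passes the sniff, so the stored extension and the serving configuration carry the rest of the defence: a file saved as `<random>.gif` in a directory where the web server does not execute scripts is inert even if it contains PHP. Re-encoding the image through an image library removes the payload entirely and is the stronger option when the feature allows it.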