CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2021-41973 835 2021-11-01 2022-05-02
4.3
None Remote Medium Not required None None Partial
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
352 CVE-2021-41972 522 +Info 2021-11-12 2021-11-16
4.0
None Remote Low ??? Partial None None
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
353 CVE-2021-41951 79 XSS 2021-11-15 2021-11-17
4.3
None Remote Medium Not required None Partial None
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser.
354 CVE-2021-41950 22 Dir. Trav. 2021-11-15 2021-11-17
6.4
None Remote Low Not required None Partial Partial
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users.
355 CVE-2021-41931 89 Sql 2021-11-17 2021-11-18
7.5
None Remote Low Not required Partial Partial Partial
The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.
356 CVE-2021-41833 434 Exec Code 2021-11-11 2021-11-15
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution.
357 CVE-2021-41772 20 2021-11-08 2022-01-04
5.0
None Remote Low Not required None None Partial
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
358 CVE-2021-41771 119 Overflow 2021-11-08 2022-02-10
5.0
None Remote Low Not required None None Partial
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
359 CVE-2021-41765 89 Exec Code Sql 2021-11-15 2021-11-17
7.5
None Remote Low Not required Partial Partial Partial
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server.
360 CVE-2021-41733 601 2021-11-08 2021-11-09
5.8
None Remote Medium Not required Partial Partial None
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them.
361 CVE-2021-41679 89 Sql 2021-11-30 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter.
362 CVE-2021-41678 89 Sql 2021-11-30 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff{TITLE] parameter.
363 CVE-2021-41677 89 Sql 2021-11-30 2021-11-30
6.8
None Remote Medium Not required Partial Partial Partial
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter.
364 CVE-2021-41653 94 Exec Code 2021-11-13 2021-11-17
10.0
None Remote Low Not required Complete Complete Complete
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field.
365 CVE-2021-41585 20 2021-11-03 2021-11-05
5.0
None Remote Low Not required None None Partial
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0.
366 CVE-2021-41569 829 File Inclusion 2021-11-19 2022-04-06
5.0
None Remote Low Not required Partial None None
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS.
367 CVE-2021-41562 2021-11-03 2021-11-05
3.6
None Local Low Not required None Partial Partial
A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows.
368 CVE-2021-41532 668 2021-11-19 2021-11-19
5.0
None Remote Low Not required Partial None None
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
369 CVE-2021-41492 89 Sql 2021-11-03 2021-12-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t paramater in actions.php.
370 CVE-2021-41436 444 2021-11-19 2021-11-23
7.8
None Remote Low Not required None None Complete
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet.
371 CVE-2021-41435 307 Bypass 2021-11-19 2021-11-23
10.0
None Remote Low Not required Complete Complete Complete
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request.
372 CVE-2021-41427 79 XSS 2021-11-10 2021-11-12
4.3
None Remote Medium Not required None Partial None
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi.
373 CVE-2021-41426 352 CSRF 2021-11-10 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm.
374 CVE-2021-41379 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Windows Installer Elevation of Privilege Vulnerability
375 CVE-2021-41378 Exec Code 2021-11-10 2021-11-12
6.5
None Remote Low ??? Partial Partial Partial
Windows NTFS Remote Code Execution Vulnerability
376 CVE-2021-41377 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability
377 CVE-2021-41376 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41375.
378 CVE-2021-41375 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41376.
379 CVE-2021-41374 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41375, CVE-2021-41376.
380 CVE-2021-41373 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
FSLogix Information Disclosure Vulnerability
381 CVE-2021-41372 352 2021-11-10 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Power BI Report Server Spoofing Vulnerability
382 CVE-2021-41371 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38631.
383 CVE-2021-41370 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-42283.
384 CVE-2021-41368 Exec Code 2021-11-10 2021-11-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Access Remote Code Execution Vulnerability
385 CVE-2021-41367 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283.
386 CVE-2021-41366 269 2021-11-10 2021-11-12
4.6
None Local Low Not required Partial Partial Partial
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
387 CVE-2021-41356 DoS 2021-11-10 2021-11-10
5.0
None Remote Low Not required None None Partial
Windows Denial of Service Vulnerability
388 CVE-2021-41351 2021-11-10 2021-11-10
4.3
None Remote Medium Not required Partial None None
Microsoft Edge (Chrome based) Spoofing on IE Mode
389 CVE-2021-41349 2021-11-10 2021-11-10
4.3
None Remote Medium Not required Partial None None
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305.
390 CVE-2021-41313 2021-11-01 2022-04-25
4.0
None Remote Low ??? None Partial None
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1.
391 CVE-2021-41312 287 2021-11-03 2021-11-04
5.0
None Remote Low Not required None Partial None
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1.
392 CVE-2021-41310 79 XSS 2021-11-01 2021-11-02
4.3
None Remote Medium Not required None Partial None
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1.
393 CVE-2021-41289 119 Overflow 2021-11-15 2021-12-13
3.6
None Local Low Not required None Partial Partial
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.
394 CVE-2021-41281 22 Dir. Trav. 2021-11-23 2021-12-14
4.3
None Remote Medium Not required None Partial None
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, may block the certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config.
395 CVE-2021-41280 78 2021-11-19 2021-11-24
7.5
None Remote Low Not required Partial Partial Partial
Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go, that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the`sns_notification_token` configuration parameter to a secret value.
396 CVE-2021-41279 22 Dir. Trav. 2021-11-26 2021-11-30
9.0
None Remote Low ??? Complete Complete Complete
BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible.
397 CVE-2021-41278 327 2021-11-19 2021-11-23
2.6
None Remote High Not required Partial None None
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expects due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aes” transform and provides an improved “aes256” transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new "aes256" transform.
398 CVE-2021-41277 20 File Inclusion 2021-11-17 2021-11-23
5.0
None Remote Low Not required Partial None None
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.
399 CVE-2021-41275 352 CSRF 2021-11-17 2022-05-16
6.8
None Remote Medium Not required Partial Partial Partial
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if protect_from_forgery method is both: Executed whether as: A before_action callback (the default). A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change your strategy to :exception. Please see the linked GHSA for more workaround details. ### Impact CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `spree_auth_devise` are affected if `protect_from_forgery` method is both: * Executed whether as: * A before_action callback (the default) * A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find). * Configured to use :null_session or :reset_session strategies (:null_session is the default in case the no strategy is given, but rails --new generated skeleton use :exception). That means that applications that haven't been configured differently from what it's generated with Rails aren't affected. Thanks @waiting-for-dev for reporting and providing a patch ? ### Patches Spree 4.3 users should update to spree_auth_devise 4.4.1 Spree 4.2 users should update to spree_auth_devise 4.2.1 ### Workarounds If possible, change your strategy to :exception: ```ruby class ApplicationController < ActionController::Base protect_from_forgery with: :exception end ``` Add the following to`config/application.rb `to at least run the `:exception` strategy on the affected controller: ```ruby config.after_initialize do Spree::UsersController.protect_from_forgery with: :exception end ``` ### References https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2
400 CVE-2021-41274 352 CSRF 2021-11-17 2021-11-24
6.8
None Remote Medium Not required Partial Partial Partial
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if `protect_from_forgery` method is both: Executed whether as: A `before_action` callback (the default) or A `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find). Configured to use `:null_session` or `:reset_session` strategies (`:null_session` is the default in case the no strategy is given, but `rails --new` generated skeleton use `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details.
Total number of vulnerabilities : 1511   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.