# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
351 | CVE-2021-41973 | 835 | | | 2021-11-01 | 2022-05-02 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater. |
352 | CVE-2021-41972 | 522 | | +Info | 2021-11-12 | 2021-11-16 | 4.0 | None | Remote | Low | ??? | Partial | None | None |
Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be accessed in a non-trivial way. |
353 | CVE-2021-41951 | 79 | | XSS | 2021-11-15 | 2021-11-17 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser. |
354 | CVE-2021-41950 | 22 | | Dir. Trav. | 2021-11-15 | 2021-11-17 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial |
A directory traversal issue in ResourceSpace 9.6 before 9.6 rev 18277 allows remote unauthenticated attackers to delete arbitrary files on the ResourceSpace server via the provider and variant parameters in pages/ajax/tiles.php. Attackers can delete configuration or source code files, causing the application to become unavailable to all users. |
355 | CVE-2021-41931 | 89 | | Sql | 2021-11-17 | 2021-11-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
The Company's Recruitment Management System in id=2 of the parameter from view_vacancy app on-page appears to be vulnerable to SQL injection. The payloads 19424269' or '1309'='1309 and 39476597' or '2917'='2923 were each submitted in the id parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way. |
356 | CVE-2021-41833 | 434 | | Exec Code | 2021-11-11 | 2021-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Zoho ManageEngine Patch Connect Plus before 90099 is vulnerable to unauthenticated remote code execution. |
357 | CVE-2021-41772 | 20 | | | 2021-11-08 | 2022-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. |
358 | CVE-2021-41771 | 119 | | Overflow | 2021-11-08 | 2022-02-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. |
359 | CVE-2021-41765 | 89 | | Exec Code Sql | 2021-11-15 | 2021-11-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
A SQL injection issue in pages/edit_fields/9_ajax/add_keyword.php of ResourceSpace 9.5 and 9.6 < rev 18274 allows remote unauthenticated attackers to execute arbitrary SQL commands via the k parameter. This allows attackers to uncover the full contents of the ResourceSpace database, including user session cookies. An attacker who gets an admin user session cookie can use the session cookie to execute arbitrary code on the server. |
360 | CVE-2021-41733 | 601 | | | 2021-11-08 | 2021-11-09 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Oppia 3.1.4 does not verify that certain URLs are valid before navigating to them. |
361 | CVE-2021-41679 | 89 | | Sql | 2021-11-30 | 2021-11-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/grades/InputFinalGrades.php, period parameter. |
362 | CVE-2021-41678 | 89 | | Sql | 2021-11-30 | 2021-11-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/modules/users/Staff.php, staff[TITLE] parameter. |
363 | CVE-2021-41677 | 89 | | Sql | 2021-11-30 | 2021-11-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A SQL injection vulnerability exists in version 8.0 of openSIS when MySQL or MariaDB is used as the application database. An attacker can then issue the SQL command through the /opensis/functions/GetStuListFnc.php &Grade= parameter. |
364 | CVE-2021-41653 | 94 | | Exec Code | 2021-11-13 | 2021-11-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a crafted payload in an IP address input field. |
365 | CVE-2021-41585 | 20 | | | 2021-11-03 | 2021-11-05 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Improper Input Validation vulnerability in accepting socket connections in Apache Traffic Server allows an attacker to make the server stop accepting new connections. This issue affects Apache Traffic Server 5.0.0 to 9.1.0. |
366 | CVE-2021-41569 | 829 | | File Inclusion | 2021-11-19 | 2022-04-06 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro. Users can escape the context of the configured user-controllable variable and append additional functions native to the macro but not included as variables within the library. This includes a function that retrieves files from the host OS. |
367 | CVE-2021-41562 | | | | 2021-11-03 | 2021-11-05 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
A vulnerability in Snow Snow Agent for Windows allows a non-admin user to cause arbitrary deletion of files. This issue affects: Snow Snow Agent for Windows version 5.0.0 to 6.7.1 on Windows. |
368 | CVE-2021-41532 | 668 | | | 2021-11-19 | 2021-11-19 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints. |
369 | CVE-2021-41492 | 89 | | Sql | 2021-11-03 | 2021-12-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering, (2) id parameter in manage_products, and the (3) t parameter in actions.php. |
370 | CVE-2021-41436 | 444 | | | 2021-11-19 | 2021-11-23 | 7.8 | None | Remote | Low | Not required | None | None | Complete |
An HTTP request smuggling in web application in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote unauthenticated attacker to DoS via sending a specially crafted HTTP packet. |
371 | CVE-2021-41435 | 307 | | Bypass | 2021-11-19 | 2021-11-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete |
A brute-force protection bypass in CAPTCHA protection in ASUS ROG Rapture GT-AX11000, RT-AX3000, RT-AX55, RT-AX56U, RT-AX56U_V2, RT-AX58U, RT-AX82U, RT-AX82U GUNDAM EDITION, RT-AX86 Series(RT-AX86U/RT-AX86S), RT-AX86U ZAKU II EDITION, RT-AX88U, RT-AX92U, TUF Gaming AX3000, TUF Gaming AX5400 (TUF-AX5400), ASUS ZenWiFi XD6, ASUS ZenWiFi AX (XT8) before 3.0.0.4.386.45898, and RT-AX68U before 3.0.0.4.386.45911, allows a remote attacker to attempt any number of login attempts via sending a specific HTTP request. |
372 | CVE-2021-41427 | 79 | | XSS | 2021-11-10 | 2021-11-12 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. |
373 | CVE-2021-41426 | 352 | | CSRF | 2021-11-10 | 2021-11-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Beeline Smart box 2.0.38 is vulnerable to Cross Site Request Forgery (CSRF) via mgt_end_user.htm. |
374 | CVE-2021-41379 | 269 | | | 2021-11-10 | 2021-11-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Windows Installer Elevation of Privilege Vulnerability |
375 | CVE-2021-41378 | | | Exec Code | 2021-11-10 | 2021-11-12 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial |
Windows NTFS Remote Code Execution Vulnerability |
376 | CVE-2021-41377 | 269 | | | 2021-11-10 | 2021-11-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Windows Fast FAT File System Driver Elevation of Privilege Vulnerability |
377 | CVE-2021-41376 | | | | 2021-11-10 | 2021-11-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41375. |
378 | CVE-2021-41375 | | | | 2021-11-10 | 2021-11-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41376. |
379 | CVE-2021-41374 | | | | 2021-11-10 | 2021-11-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41375, CVE-2021-41376. |
380 | CVE-2021-41373 | | | | 2021-11-10 | 2021-11-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
FSLogix Information Disclosure Vulnerability |
381 | CVE-2021-41372 | 352 | | | 2021-11-10 | 2021-11-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Power BI Report Server Spoofing Vulnerability |
382 | CVE-2021-41371 | | | | 2021-11-10 | 2021-11-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-38631. |
383 | CVE-2021-41370 | 269 | | | 2021-11-10 | 2021-11-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-42283. |
384 | CVE-2021-41368 | | | Exec Code | 2021-11-10 | 2021-11-12 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Microsoft Access Remote Code Execution Vulnerability |
385 | CVE-2021-41367 | 269 | | | 2021-11-10 | 2021-11-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41370, CVE-2021-42283. |
386 | CVE-2021-41366 | 269 | | | 2021-11-10 | 2021-11-12 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability |
387 | CVE-2021-41356 | | | DoS | 2021-11-10 | 2021-11-10 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Windows Denial of Service Vulnerability |
388 | CVE-2021-41351 | | | | 2021-11-10 | 2021-11-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Microsoft Edge (Chrome based) Spoofing on IE Mode |
389 | CVE-2021-41349 | | | | 2021-11-10 | 2021-11-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None |
Microsoft Exchange Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-42305. |
390 | CVE-2021-41313 | | | | 2021-11-01 | 2022-04-25 | 4.0 | None | Remote | Low | ??? | None | Partial | None |
Affected versions of Atlassian Jira Server and Data Center allow authenticated but non-admin remote attackers to edit email batch configurations via an Improper Authorization vulnerability in the /secure/admin/ConfigureBatching!default.jspa endpoint. The affected versions are before version 8.20.1. |
391 | CVE-2021-41312 | 287 | | | 2021-11-03 | 2021-11-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Affected versions of Atlassian Jira Server and Data Center allow a remote attacker who has had their access revoked from Jira Service Management to enable and disable Issue Collectors on Jira Service Management projects via an Improper Authentication vulnerability in the /secure/ViewCollectors endpoint. The affected versions are before version 8.19.1. |
392 | CVE-2021-41310 | 79 | | XSS | 2021-11-01 | 2021-11-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. |
393 | CVE-2021-41289 | 119 | | Overflow | 2021-11-15 | 2021-12-13 | 3.6 | None | Local | Low | Not required | None | Partial | Partial |
ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, causing a failure of integrity verification and further resulting in a failure to boot. |
394 | CVE-2021-41281 | 22 | | Dir. Trav. | 2021-11-23 | 2021-12-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be tricked into downloading a file from a remote server into an arbitrary directory. No authentication is required for the affected endpoint. The last 2 directories and file name of the path are chosen randomly by Synapse and cannot be controlled by an attacker, which limits the impact. Homeservers with the media repository disabled are unaffected. Homeservers with a federation whitelist are also unaffected, since Synapse will check the remote hostname, including the trailing `../`s, against the whitelist. Server administrators should upgrade to 1.47.1 or later. Server administrators using a reverse proxy could, at the expense of losing media functionality, block certain endpoints as a workaround. Alternatively, non-containerized deployments can be adapted to use the hardened systemd config. |
395 | CVE-2021-41280 | 78 | | | 2021-11-19 | 2021-11-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial |
Sharetribe Go is a source available marketplace software. In affected versions operating system command injection is possible on installations of Sharetribe Go that do not have a secret AWS Simple Notification Service (SNS) notification token configured via the `sns_notification_token` configuration parameter. This configuration parameter is unset by default. The vulnerability has been patched in version 10.2.1. Users who are unable to upgrade should set the `sns_notification_token` configuration parameter to a secret value. |
396 | CVE-2021-41279 | 22 | | Dir. Trav. | 2021-11-26 | 2021-11-30 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete |
BaserCMS is an open source content management system with a focus on Japanese language support. In affected versions users with upload privilege may upload crafted zip files capable of path traversal on the host operating system. This is a vulnerability that needs to be addressed when the management system is used by an unspecified number of users. If you are eligible, please update to the new version as soon as possible. |
397 | CVE-2021-41278 | 327 | | | 2021-11-19 | 2021-11-23 | 2.6 | None | Remote | High | Not required | Partial | None | None |
Functions SDK for EdgeX is meant to provide all the plumbing necessary for developers to get started in processing/transforming/exporting data out of the EdgeX IoT platform. In affected versions broken encryption in app-functions-sdk “AES” transform in EdgeX Foundry releases prior to Jakarta allows attackers to decrypt messages via unspecified vectors. The app-functions-sdk exports an “aes” transform that user scripts can optionally call to encrypt data in the processing pipeline. No decrypt function is provided. Encryption is not enabled by default, but if used, the level of protection may be less than the user may expect due to a broken implementation. Version v2.1.0 (EdgeX Foundry Jakarta release and later) of app-functions-sdk-go/v2 deprecates the “aes” transform and provides an improved “aes256” transform in its place. The broken implementation will remain in a deprecated state until it is removed in the next EdgeX major release to avoid breakage of existing software that depends on the broken implementation. As the broken transform is a library function that is not invoked by default, users who do not use the AES transform in their processing pipelines are unaffected. Those that are affected are urged to upgrade to the Jakarta EdgeX release and modify processing pipelines to use the new "aes256" transform. |
398 | CVE-2021-41277 | 20 | | File Inclusion | 2021-11-17 | 2021-11-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application. |
399 | CVE-2021-41275 | 352 | | CSRF | 2021-11-17 | 2022-05-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
spree_auth_devise is an open source library which provides authentication and authorization services for use with the Spree storefront framework by using an underlying Devise authentication framework. In affected versions spree_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of spree_auth_devise are affected if the protect_from_forgery method is both: (1) executed either as a before_action callback (the default) or as a prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find); and (2) configured to use the :null_session or :reset_session strategies (:null_session is the default when no strategy is given, but the rails --new generated skeleton uses :exception). Users are advised to update their spree_auth_devise gem. For users unable to update it may be possible to change your strategy to :exception. Please see the linked GHSA for more workaround details.

### Impact

CSRF vulnerability that allows user account takeover.

All applications using any version of the frontend component of `spree_auth_devise` are affected if the `protect_from_forgery` method is both:

* Executed either as:
  * A before_action callback (the default)
  * A prepend_before_action (option prepend: true given) before the :load_object hook in Spree::UserController (most likely order to find).
* Configured to use :null_session or :reset_session strategies (:null_session is the default when no strategy is given, but the rails --new generated skeleton uses :exception).

That means that applications that haven't been configured differently from what is generated with Rails aren't affected.

Thanks @waiting-for-dev for reporting and providing a patch.

### Patches

* Spree 4.3 users should update to spree_auth_devise 4.4.1
* Spree 4.2 users should update to spree_auth_devise 4.2.1

### Workarounds

If possible, change your strategy to :exception:

```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end
```

Add the following to `config/application.rb` to at least run the `:exception` strategy on the affected controller:

```ruby
config.after_initialize do
  Spree::UsersController.protect_from_forgery with: :exception
end
```

### References

https://github.com/solidusio/solidus_auth_devise/security/advisories/GHSA-xm34-v85h-9pg2 |
400 | CVE-2021-41274 | 352 | | CSRF | 2021-11-17 | 2021-11-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any version of the frontend component of `solidus_auth_devise` are affected if the `protect_from_forgery` method is both: (1) executed either as a `before_action` callback (the default) or as a `prepend_before_action` (option `prepend: true` given) before the `:load_object` hook in `Spree::UserController` (most likely order to find); and (2) configured to use the `:null_session` or `:reset_session` strategies (`:null_session` is the default when no strategy is given, but the `rails --new` generated skeleton uses `:exception`). Users should promptly update to `solidus_auth_devise` version `2.5.4`. Users unable to update should, if possible, change their strategy to `:exception`. Please see the linked GHSA for more workaround details. |