CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-44686 DoS 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
2 CVE-2021-44685 Exec Code 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
Git-it through 4.4.0 allows OS command injection at the Branches Aren't Just For Birds challenge step. During the verification process, it attempts to run the reflog command followed by the current branch name (which is not sanitized for execution).
3 CVE-2021-44684 2021-12-07 2021-12-07
0.0
None ??? ??? ??? ??? ??? ???
naholyr github-todos 3.1.0 is vulnerable to command injection. The range argument for the _hook subcommand is concatenated without any validation, and is directly used by the exec function.
4 CVE-2021-44682 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue (6 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14079).
5 CVE-2021-44681 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue (5 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14080).
6 CVE-2021-44680 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue (4 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14075).
7 CVE-2021-44679 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue (3 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14074).
8 CVE-2021-44678 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue (2 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14076).
9 CVE-2021-44677 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An issue (1 of 6) was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization behavior that is inherent to the .NET Remoting service. A malicious attacker can exploit both TCP remoting services and local IPC services on the Enterprise Vault Server. This vulnerability is mitigated by properly configuring the servers and firewall as described in the vendor's security alert for this vulnerability (VTS21-003, ZDI-CAN-14078).
10 CVE-2021-44518 2021-12-02 2021-12-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in the eGeeTouch 3rd Generation Travel Padlock application for Android. The lock sends a pairing code before each operation (lock or unlock) activated via the companion app. The code is sent unencrypted, allowing any attacker with the same app (either Android or iOS) to add the lock and take complete control. For successful exploitation, the attacker must be able to touch the lock's power button, and must be able to capture BLE network communication.
11 CVE-2021-44479 125 2021-12-01 2021-12-04
2.1
None Local Low Not required Partial None None
NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming (ISP) mode. This discloses protected flash memory.
12 CVE-2021-44199 427 DoS 2021-11-29 2021-11-30
1.9
None Local Medium Not required None None Partial
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612
13 CVE-2021-44048 Exec Code 2021-12-05 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write vulnerability exists when reading a TIF file using Open Design Alliance (ODA) Drawings Explorer before 2022.11. The specific issue exists after loading TIF files. Crafted data in a TIF file can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
14 CVE-2021-44047 Exec Code 2021-12-05 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
A use-after-free vulnerability exists when reading a DWF/DWFX file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing DWF/DWFX files. Crafted data in a DWF/DWFX file and lack of proper validation of input data can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
15 CVE-2021-44046 Exec Code 2021-12-05 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write vulnerability exists when reading U3D files in Open Design Alliance PRC SDK before 2022.11. An unchecked return value of a function (verifying input data from a U3D file) leads to an out-of-bounds write. An attacker can leverage this vulnerability to execute code in the context of the current process.
16 CVE-2021-44045 Exec Code 2021-12-05 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write vulnerability exists when reading a DGN file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DGN files. Crafted data in a DGN file and lack of proper validation for the XFAT sectors count can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
17 CVE-2021-44044 Exec Code 2021-12-05 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
An out-of-bounds write vulnerability exists when reading a JPG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists with parsing JPG files. Crafted data in a JPG (4 extraneous bytes before the marker 0xca) can trigger a write operation past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
18 CVE-2021-44022 617 Exec Code 2021-12-03 2021-12-06
2.1
None Local Low Not required None None Partial
A reachable assertion vulnerability in Trend Micro Apex One could allow an attacker to crash the program on affected installations, leading to a denial-of-service (DoS). Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
19 CVE-2021-43976 DoS 2021-11-17 2021-11-29
2.1
None Local Low Not required None None Partial
In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).
20 CVE-2021-43936 Exec Code 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
The software allows the attacker to upload or transfer files of dangerous types to the WebHMI portal, that may be automatically processed within the product's environment or lead to arbitrary code execution.
21 CVE-2021-43931 Bypass 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
22 CVE-2021-43800 22 Dir. Trav. 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is only possible on a Wiki.js server running on Windows, when a storage module implementing local asset cache (e.g Local File System or Git) is enabled and that no web application firewall solution (e.g. cloudflare) strips potentially malicious URLs. Commit number 414033de9dff66a327e3f3243234852f468a9d85 fixes this vulnerability by sanitizing the path before it is passed on to the storage module. The sanitization step removes any windows directory traversal sequences from the path. As a workaround, disable any storage module with local asset caching capabilities (Local File System, Git).
23 CVE-2021-43784 190 Overflow Bypass 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.
24 CVE-2021-43781 862 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated a user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. *cannot* change a record from restricted to public. The problem is patched in Invenio-Drafts-Resources v0.13.7 and 0.14.6, which is part of InvenioRDM v6.0.1 and InvenioRDM v7.0 respectively.
25 CVE-2021-43772 552 2021-12-03 2021-12-06
2.1
None Local Low Not required None Partial None
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the protected folder to be modified without any detection.
26 CVE-2021-43668 476 DoS 2021-11-18 2021-11-23
2.1
None Local Low Not required None None Partial
Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with "runtime error: invalid memory address or nil pointer dereference" and arise a SEGV signal.
27 CVE-2021-43575 798 2021-11-09 2021-11-15
2.1
None Local Low Not required Partial None None
** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.
28 CVE-2021-43471 DoS 2021-12-06 2021-12-06
0.0
None ??? ??? ??? ??? ??? ???
In Canon LBP223 printers, the System Manager Mode login does not require an account password or PIN. An attacker can remotely shut down the device after entering the background, creating a denial of service vulnerability.
29 CVE-2021-43389 125 2021-11-04 2021-11-09
2.1
None Local Low Not required None None Partial
An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c.
30 CVE-2021-43327 2021-12-02 2021-12-02
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.
31 CVE-2021-43264 22 Dir. Trav. Bypass 2021-11-02 2021-11-09
2.1
None Local Low Not required Partial None None
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, adjusting the path component for the page help file allows attackers to bypass the intended access control for HTML files via directory traversal. It replaces the - character with the / character.
32 CVE-2021-42744 668 2021-11-19 2021-11-23
2.1
None Local Low Not required Partial None None
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.
33 CVE-2021-42701 471 2021-11-05 2021-11-09
2.6
None Remote High Not required Partial None None
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.
34 CVE-2021-42376 476 DoS 2021-11-15 2021-11-29
1.9
None Local Medium Not required None None Partial
A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input.
35 CVE-2021-42375 DoS 2021-11-15 2021-11-29
1.9
None Local Medium Not required None None Partial
An incorrect handling of a special element in Busybox's ash applet leads to denial of service when processing a crafted shell command, due to the shell mistaking specific characters for reserved characters. This may be used for DoS under rare conditions of filtered command input.
36 CVE-2021-42373 476 DoS 2021-11-15 2021-11-29
2.1
None Local Low Not required None None Partial
A NULL pointer dereference in Busybox's man applet leads to denial of service when a section name is supplied but no page argument is given
37 CVE-2021-42365 79 XSS 2021-11-29 2021-12-01
2.1
None Remote High ??? None Partial None
The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
38 CVE-2021-42361 79 XSS 2021-11-17 2021-11-18
2.1
None Remote High ??? None Partial None
The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the ~/trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.3.24. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
39 CVE-2021-42323 668 2021-11-10 2021-11-15
2.1
None Local Low Not required Partial None None
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42301.
40 CVE-2021-42319 269 2021-11-10 2021-11-15
2.1
None Local Low Not required None None Partial
Visual Studio Elevation of Privilege Vulnerability
41 CVE-2021-42301 668 2021-11-10 2021-11-17
2.1
None Local Low Not required Partial None None
Azure RTOS Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-26444, CVE-2021-42323.
42 CVE-2021-42274 DoS 2021-11-10 2021-11-12
2.1
None Local Low Not required None None Partial
Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability
43 CVE-2021-42111 319 2021-11-10 2021-11-16
2.1
None Local Low Not required Partial None None
An issue was discovered in the RCDevs OpenOTP app 1.4.13 and 1.4.14 for iOS. If it is installed on a jailbroken device, it is possible to retrieve the PIN code used to access the application. The IOS app version 1.4.1631262629 resolves this issue by storing a hash PIN code.
44 CVE-2021-42015 525 2021-11-09 2021-11-12
1.9
None Local Medium Not required Partial None None
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.26), Mendix Applications using Mendix 8 (All versions < V8.18.12), Mendix Applications using Mendix 9 (All versions < V9.6.1). Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache.
45 CVE-2021-41861 2021-10-04 2021-10-08
2.1
None Local Low Not required None Partial None
The Telegram application 7.5.0 through 7.8.0 for Android does not properly implement image self-destruction, a different vulnerability than CVE-2019-16248. After approximately two to four uses of the self-destruct feature, there is a misleading UI indication that an image was deleted (on both the sender and recipient sides). The images are still present in the /Storage/Emulated/0/Telegram/Telegram Image/ directory.
46 CVE-2021-41525 2021-09-21 2021-10-04
2.1
None Local Low Not required None Partial None
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.
47 CVE-2021-41376 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41375.
48 CVE-2021-41375 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41374, CVE-2021-41376.
49 CVE-2021-41374 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41375, CVE-2021-41376.
50 CVE-2021-41373 2021-11-10 2021-11-10
2.1
None Local Low Not required Partial None None
FSLogix Information Disclosure Vulnerability
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.