The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-44225 | In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property | -- | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-44223 | WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory. | -- | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-44219 | Gin-Vue-Admin before 2.4.6 mishandles a SQL database. | -- | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-44150 | The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content. | MEDIUM | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-44147 | An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks. | MEDIUM | Nov 23, 2021 | -- (VxWorks 7) |
| CVE-2021-44144 | Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date. | MEDIUM | Nov 24, 2021 | -- (VxWorks 7) |
| CVE-2021-44143 | A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution. | HIGH | Nov 27, 2021 | -- (VxWorks 7) |
| CVE-2021-44140 | Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefuly crafted http request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later. | -- | Nov 24, 2021 | -- (VxWorks 7) |
| CVE-2021-44094 | ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file | -- | Nov 28, 2021 | -- (VxWorks 7) |
| CVE-2021-44093 | A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell | -- | Nov 28, 2021 | -- (VxWorks 7) |
| CVE-2021-44079 | In the wazuh-slack active response script in Wazuh before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution. | HIGH | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-44038 | An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update. | HIGH | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-44037 | Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning. | MEDIUM | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-44036 | Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import. | MEDIUM | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-44033 | In Ionic Identity Vault before 5.0.5, the protection mechanism for invalid unlock attempts can be bypassed. | MEDIUM | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-44026 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. | HIGH | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-44025 | Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment\'s filename extension when displaying a MIME type warning message. | MEDIUM | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-43997 | Amazon FreeRTOS 10.2.0 through 10.4.5 on the ARMv7-M and ARMv8-M MPU platforms does not prevent non-kernel code from calling the xPortRaisePrivilege and vPortResetPrivilege internal functions. This is fixed in 10.4.6 and in 10.4.3-LTS Patch 2. | HIGH | Nov 18, 2021 | -- (VxWorks 7) |
| CVE-2021-43996 | The Ignition component before 1.16.15, and 2.0.x before 2.0.6, for Laravel has a fix variable names feature that can lead to incorrect access control. | HIGH | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-43979 | ** DISPUTED ** Styra Open Policy Agent (OPA) Gatekeeper through 3.7.0 mishandles concurrency, sometimes resulting in incorrect access control. The data replication mechanism allows policies to access the Kubernetes cluster state. During data replication, OPA/Gatekeeper does not wait for the replication to finish before processing a request, which might cause inconsistencies between the replicated resources in OPA/Gatekeeper and the resources actually present in the cluster. Inconsistency can later be reflected in a policy bypass. NOTE: the vendor disagrees that this is a vulnerability, because Kubernetes states are only eventually consistent. | MEDIUM | Nov 17, 2021 | -- (VxWorks 7) |
| CVE-2021-43977 | SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | MEDIUM | Nov 18, 2021 | -- (VxWorks 7) |
| CVE-2021-43976 | In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic). | LOW | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-43975 | In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. | MEDIUM | Nov 19, 2021 | -- (VxWorks 7) |
| CVE-2021-43785 | @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. | -- | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-43780 | Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on installations where a URL-loading data source is enabled. As of time of publication, the `master` and `release/10.x.x` branches address this by applying the Advocate library for making http requests instead of the requests library directly. Users should upgrade to version 10.0.1 to receive this patch. There are a few workarounds for mitigating the vulnerability without upgrading. One can disable the vulnerable data sources entirely, by adding the following env variable to one\'s configuration, making them unavailable inside the webapp. One can switch any data source of certain types (viewable in the GitHub Security Advisory) to be `View Only` for all groups on the Settings > Groups > Data Sources screen. For users unable to update an admin may modify Redash\'s configuration through environment variables to mitigate this issue. Depending on the version of Redash, an admin may also need to run a CLI command to re-encrypt some fields in the database. The `master` and `release/10.x.x` branches as of time of publication have removed the default value for `REDASH_COOKIE_SECRET`. All future releases will also require this to be set explicitly. For existing installations, one will need to ensure that explicit values are set for the `REDASH_COOKIE_SECRET` and `REDASH_SECRET_KEY `variables. | -- | Nov 24, 2021 | -- (VxWorks 7) |
| CVE-2021-43778 | Barcode is a GLPI plugin for printing barcodes and QR codes. GLPI instances version 2.x prior to version 2.6.1 with the barcode plugin installed are vulnerable to a path traversal vulnerability. This issue was patched in version 2.6.1. As a workaround, delete the `front/send.php` file. | -- | Nov 24, 2021 | -- (VxWorks 7) |
| CVE-2021-43777 | Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a Cross-Site Request Forgery (CSRF) token, not a static and easily predicted value. This vulnerability does not affect users who do not use Google Login for their instance of Redash. A patch in the `master` and `release/10.x.x` branches addresses this by replacing `Flask-Oauthlib` with `Authlib` which automatically provides and validates a CSRF token for the state variable. The new implementation stores the next URL on the user session object. As a workaround, one may disable Google Login to mitigate the vulnerability. | -- | Nov 24, 2021 | -- (VxWorks 7) |
| CVE-2021-43776 | Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user\'s browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. | -- | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-43775 | Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash (../)� sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. The vulnerability issue is resolved in Aim v3.1.0. | -- | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-43669 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric. | MEDIUM | Nov 18, 2021 | -- (VxWorks 7) |
| CVE-2021-43668 | Go-Ethereum 1.10.9 nodes crash (denial of service) after receiving a serial of messages and cannot be recovered. They will crash with runtime error: invalid memory address or nil pointer dereference and arise a SEGV signal. | LOW | Nov 18, 2021 | -- (VxWorks 7) |
| CVE-2021-43667 | A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method \'forwardToLeader\'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash. | MEDIUM | Nov 18, 2021 | -- (VxWorks 7) |
| CVE-2021-43620 | An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::from_ptr on a pointer to the string buffer, the string is terminated at the first \'\\0\' byte, which might not be the end of the string. | MEDIUM | Nov 18, 2021 | -- (VxWorks 7) |
| CVE-2021-43618 | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | MEDIUM | Nov 16, 2021 | -- (VxWorks 7) |
| CVE-2021-43617 | Laravel Framework through 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. In some use cases, this may be related to file-type validation for image upload (e.g., differences between getClientOriginalExtension and other approaches). | HIGH | Nov 14, 2021 | -- (VxWorks 7) |
| CVE-2021-43616 | The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json. | HIGH | Nov 13, 2021 | -- (VxWorks 7) |
| CVE-2021-43612 | sonmp: fix heap overflow when reading SONMP packets | -- | Nov 14, 2021 | -- (VxWorks 7) |
| CVE-2021-43611 | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via \\ in the display name of a From header. | MEDIUM | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43610 | Belledonne Belle-sip before 5.0.20 can crash applications such as Linphone via an invalid From header (request URI without a parameter) in an unauthenticated SIP message, a different issue than CVE-2021-33056. | MEDIUM | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43582 | A Use-After-Free Remote Vulnerability exists when reading a DWG file using Open Design Alliance Drawings SDK before 2022.11. The specific issue exists within the parsing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. | MEDIUM | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-43581 | An Out-of-Bounds Read vulnerability exists when reading a U3D file using Open Design Alliance PRC SDK before 2022.11. The specific issue exists within the parsing of U3D files. Incorrect use of the LibJpeg source manager inside the U3D library, and crafted data in a U3D file, can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. | MEDIUM | Nov 26, 2021 | -- (VxWorks 7) |
| CVE-2021-43578 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier implements an agent-to-controller message that does not implement any validation of its input, allowing attackers able to control agent processes to replace arbitrary files on the Jenkins controller file system with an attacker-controlled JSON string. | MEDIUM | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43577 | Jenkins OWASP Dependency-Check Plugin 5.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | MEDIUM | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43576 | Jenkins pom2config Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing attackers with Overall/Read and Item/Read permissions to have Jenkins parse a crafted XML file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | MEDIUM | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43575 | ** DISPUTED ** KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported. | LOW | Nov 10, 2021 | -- (VxWorks 7) |
| CVE-2021-43574 | ** UNSUPPORTED WHEN ASSIGNED ** WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | MEDIUM | Nov 17, 2021 | -- (VxWorks 7) |
| CVE-2021-43573 | A buffer overflow was discovered on Realtek RTL8195AM devices before 2.0.10. It exists in the client code when processing a malformed IE length of HT capability information in the Beacon and Association response frame. | HIGH | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43572 | The verify function in the Stark Bank Python ECDSA library (ecdsa-python) 2.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | HIGH | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43571 | The verify function in the Stark Bank Node.js ECDSA library (ecdsa-node) 1.1.2 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | HIGH | Nov 12, 2021 | -- (VxWorks 7) |
| CVE-2021-43570 | The verify function in the Stark Bank Java ECDSA library (ecdsa-java) 1.0.0 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages. | HIGH | Nov 12, 2021 | -- (VxWorks 7) |
