CVE ID Name Status References
CVE-2021-44225

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.

Assigned (20211125)

MISC:https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d | MISC:https://github.com/acassen/keepalived/pull/2063
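The weakness is a D-Bus policy rule that names an interface but no destination: in the busconfig policy language such an `<allow>` matches messages to every bus name, not just the service that ships the file. The following is an added example, not keepalived's own policy or code: a small linter that parses a system-bus policy and reports send rules that are not pinned to a destination. The two embedded policies are constructed to illustrate the shape of the problem; only the bus name `org.keepalived.Vrrp1` is taken from the project, the rest of the layout is assumed.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (illustrative, NOT keepalived's actual file).
# The default-context rule granting org.freedesktop.DBus.Properties carries no
# send_destination, so it also permits Properties.Get/Set on unrelated services.
WEAK_POLICY = """
<busconfig>
  <policy user="root">
    <allow own="org.keepalived.Vrrp1"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.keepalived.Vrrp1"/>
    <!-- Unbounded: matches Properties calls to EVERY bus name. -->
    <allow send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
</busconfig>
"""

FIXED_POLICY = """
<busconfig>
  <policy user="root">
    <allow own="org.keepalived.Vrrp1"/>
  </policy>
  <policy context="default">
    <!-- Every send rule is pinned to the service that ships the file. -->
    <allow send_destination="org.keepalived.Vrrp1"/>
    <allow send_destination="org.keepalived.Vrrp1"
           send_interface="org.freedesktop.DBus.Properties"/>
  </policy>
</busconfig>
"""

# Attributes that narrow a send rule without naming a destination. A rule that
# uses only these applies to messages addressed to ANY bus name.
SEND_SELECTORS = ("send_interface", "send_member", "send_path", "send_type")
# Either of these pins the rule to a destination service.
DESTINATION_ATTRS = ("send_destination", "send_destination_prefix")


def unbounded_send_rules(policy_xml: str):
    """Return (policy scope, rule attributes) for every <allow> that grants
    sending without pinning the rule to a destination bus name."""
    root = ET.fromstring(policy_xml)
    findings = []
    for policy in root.iter("policy"):
        scope = ",".join(f"{k}={v}" for k, v in sorted(policy.attrib.items())) or "unscoped"
        for rule in policy.findall("allow"):
            attrs = rule.attrib
            if any(d in attrs for d in DESTINATION_ATTRS):
                continue
            if any(s in attrs for s in SEND_SELECTORS):
                findings.append((scope, dict(attrs)))
    return findings


if __name__ == "__main__":
    for label, policy in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(label, unbounded_send_rules(policy))
```

Run it against the files in `/etc/dbus-1/system.d/` and `/usr/share/dbus-1/system.d/` to find third-party services with the same shape of rule; a `context="default"` hit is the one that matters, because it applies to every local user.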

CVE-2021-44223

WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.

Assigned (20211125)

MISC:https://make.wordpress.org/core/2021/06/29/introducing-update-uri-plugin-header-in-wordpress-5-8/ | MISC:https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
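Before 5.8 a self-hosted plugin was identified to the update check only by its directory slug, so whoever first registered that slug on WordPress.org could ship an "update" to every site using the private plugin. The `Update URI` header lets a plugin declare where its updates come from. The script below is an added example, not WordPress core or any plugin's code: it reads plugin headers the way wp-admin does (first 8 KiB of the main file, `Name: value` lines inside the comment block) and lists plugins that still rely on the slug-only lookup. The three plugin sources are constructed; whether a given slug is already taken on WordPress.org, or satisfies the directory's naming rules, is not something this check can decide offline.

```python
import re
from urllib.parse import urlparse

# Constructed plugin main files, keyed by directory slug.
PLUGINS = {
    "acme-internal-tools": "<?php\n/**\n * Plugin Name: ACME Internal Tools\n * Version: 1.2.0\n */\n",
    "acme-reports": "<?php\n/*\nPlugin Name: ACME Reports\nVersion: 0.9\n"
                    "Update URI: https://updates.acme.example/reports\n*/\n",
    "acme-legacy": "<?php\n/*\nPlugin Name: ACME Legacy\nUpdate URI: false\n*/\n",
}

WPORG_HOSTS = {"wordpress.org", "w.org"}


def parse_plugin_headers(source: str, names=("Plugin Name", "Version", "Update URI")):
    """Read WordPress-style file headers: first 8 KiB, CR normalised, one
    'Name: value' per line with leading comment decoration ignored."""
    head = source[:8192].replace("\r", "\n")
    found = {}
    for name in names:
        pattern = r"^[ \t/*#@]*" + re.escape(name) + r":(.*)$"
        m = re.search(pattern, head, re.MULTILINE | re.IGNORECASE)
        found[name] = m.group(1).split("*/")[0].strip() if m else ""
    return found


def update_source(update_uri: str) -> str:
    """Where WordPress 5.8+ looks for updates, given the header value.
    An empty header keeps the pre-5.8 behaviour: a wordpress.org lookup keyed
    only on the slug, which is the exposure described above."""
    if not update_uri:
        return "wordpress.org (slug only, hijackable)"
    if update_uri.lower() == "false":
        return "none"
    host = urlparse(update_uri).hostname or ""
    if host in WPORG_HOSTS:
        return "wordpress.org (explicit)"
    return f"third-party: {host or update_uri}"


def exposed_plugins(plugins: dict) -> list:
    """Slugs whose main file declares no Update URI at all."""
    return sorted(slug for slug, src in plugins.items()
                  if not parse_plugin_headers(src)["Update URI"])


if __name__ == "__main__":
    for slug, src in PLUGINS.items():
        h = parse_plugin_headers(src)
        print(f"{slug:22} {h['Plugin Name']!r:28} -> {update_source(h['Update URI'])}")
    print("exposed:", exposed_plugins(PLUGINS))
```

On a real install, point the same loop at `wp-content/plugins/*/` and feed each plugin's main PHP file; any slug that comes back exposed and is not actually hosted on WordPress.org should get an `Update URI` (either its real update endpoint or `false`).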

CVE-2021-44219

Gin-Vue-Admin before 2.4.6 mishandles a SQL database.

Assigned (20211124)

MISC:https://github.com/flipped-aurora/gin-vue-admin/issues/813 | MISC:https://github.com/flipped-aurora/gin-vue-admin/pull/811

CVE-2021-44150

The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.

Assigned (20211122)

MISC:https://github.com/tusdotnet/tusdotnet/issues/157
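The tus checksum extension carries an `Upload-Checksum: <algorithm> <base64 digest>` header on each PATCH so the server can reject a chunk that does not match what the client hashed; a client that only ever sends `sha1` gets no protection from an attacker who can produce a colliding substitute. The following is an added example written for this entry, not tusdotnet's own client or server code: both halves of the exchange with an algorithm allowlist that refuses SHA-1 and MD5 and answers with the status codes the extension defines (204 accept, 460 Checksum Mismatch, 400 for an unsupported or malformed header). The chunk bytes are constructed.

```python
import base64
import hashlib
import hmac

# Algorithms this server advertises and accepts. SHA-1 and MD5 are absent on
# purpose: the header exists to stop content substitution, and a collision-
# prone hash cannot do that.
ACCEPTED = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}
REJECTED_WEAK = {"md5", "sha1"}


def tus_checksum_algorithm_header() -> str:
    """Value of the Tus-Checksum-Algorithm header returned on OPTIONS."""
    return ",".join(sorted(ACCEPTED))


def make_upload_checksum(chunk: bytes, algorithm: str = "sha256") -> str:
    """Client side: Upload-Checksum value for one PATCH body."""
    digest = ACCEPTED[algorithm](chunk).digest()
    return f"{algorithm} {base64.b64encode(digest).decode('ascii')}"


def legacy_sha1_upload_checksum(chunk: bytes) -> str:
    """What a SHA-1-only client sends; kept here to show the server rejecting it."""
    return "sha1 " + base64.b64encode(hashlib.sha1(chunk).digest()).decode("ascii")


def verify_upload_checksum(header_value: str, chunk: bytes) -> int:
    """Server side: HTTP status for the PATCH carrying this header."""
    try:
        algorithm, encoded = header_value.strip().split(" ", 1)
        expected = base64.b64decode(encoded.strip(), validate=True)
    except ValueError:          # missing digest, or not valid base64
        return 400
    algorithm = algorithm.lower()
    if algorithm in REJECTED_WEAK or algorithm not in ACCEPTED:
        return 400              # tus: unsupported algorithm -> 400 Bad Request
    actual = ACCEPTED[algorithm](chunk).digest()
    # Constant-time compare; cheap, and avoids a length-dependent early exit.
    return 204 if hmac.compare_digest(actual, expected) else 460


if __name__ == "__main__":
    chunk = b"constructed upload chunk"          # constructed sample body
    good = make_upload_checksum(chunk)
    print("advertised:", tus_checksum_algorithm_header())
    print("sha256 ok     ->", verify_upload_checksum(good, chunk))
    print("sha256 altered->", verify_upload_checksum(good, chunk + b"!"))
    print("sha1 client   ->", verify_upload_checksum(legacy_sha1_upload_checksum(chunk), chunk))
```

A client that consults `Tus-Checksum-Algorithm` before choosing its hash interoperates with both this server and one that still lists `sha1`; a client hard-wired to SHA-1 simply cannot upload here, which is the failure mode you want.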

CVE-2021-44147

An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.

Assigned (20211122)

MISC:https://davidhamann.de/2021/11/18/filemaker-xxe-vulnerability/ | MISC:https://support.claris.com/s/answerview?anum=000035751
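An Excel workbook (.xlsx) is a zip archive of XML parts, so an XXE payload rides inside one of those parts; Office writers never emit a DOCTYPE, which makes any DTD in an uploaded workbook a reliable signal. The script below is an added example, not Claris code and not a description of the FileMaker bug's internals: it unpacks an OOXML document in memory and reports every XML part that declares a DOCTYPE, flagging those with an external (`SYSTEM`/`PUBLIC`) entity, which is the construct behind both the file disclosure and the server-side request forgery named above. The two workbooks are constructed inline.

```python
import io
import re
import zipfile

DOCTYPE_RE = re.compile(rb"<!DOCTYPE\b", re.IGNORECASE)
# An entity whose definition references SYSTEM or PUBLIC resolves to a file
# path or URL; "file:///etc/passwd" reads a local file, "http://..." makes
# the parser issue a request (SSRF). Parameter entities (<!ENTITY % ...>) match too.
EXTERNAL_ENTITY_RE = re.compile(rb"<!ENTITY\b[^>]*\b(SYSTEM|PUBLIC)\b", re.IGNORECASE)


def xml_parts_with_dtd(blob: bytes):
    """(part name, has external entity) for each XML part carrying a DOCTYPE."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".xml", ".rels")):
                continue
            data = zf.read(info.filename)
            if DOCTYPE_RE.search(data):
                findings.append((info.filename, bool(EXTERNAL_ENTITY_RE.search(data))))
    return findings


def scan_document(blob: bytes):
    """Handle both a packaged Office document and a bare XML upload."""
    if zipfile.is_zipfile(io.BytesIO(blob)):
        return xml_parts_with_dtd(blob)
    if DOCTYPE_RE.search(blob):
        return [("(document)", bool(EXTERNAL_ENTITY_RE.search(blob)))]
    return []


def is_safe_to_parse(blob: bytes) -> bool:
    """Policy: reject any upload with a DTD at all, external or not."""
    return not scan_document(blob)


def build_sample(workbook_xml: bytes) -> bytes:
    """Construct a minimal .xlsx-shaped zip around the given workbook part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    b'<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("xl/workbook.xml", workbook_xml)
    return buf.getvalue()


BENIGN = build_sample(b'<?xml version="1.0"?><workbook><sheets/></workbook>')
MALICIOUS = build_sample(
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE x [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
    b'<workbook><sheets>&xxe;</sheets></workbook>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("malicious", MALICIOUS)):
        print(label, scan_document(doc), "safe" if is_safe_to_parse(doc) else "REJECT")
```

The scan is a pre-filter, not a substitute for a parser configured to ignore DTDs and never resolve external entities; run both, since an attacker can also hide the DOCTYPE behind encoding tricks the regex will not see.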

CVE-2021-44144

Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.

Assigned (20211122)

MISC:https://github.com/CroatiaControlLtd/asterix/issues/183

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.

Assigned (20211122)

MISC:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999804 | MISC:https://sourceforge.net/p/isync/isync/commit_browser | MISC:https://sourceforge.net/p/isync/isync/ref/master/tags/

CVE-2021-44140

Remote attackers may delete arbitrary files on a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, provided that those files are reachable by the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.

Assigned (20211122)

MISC:https://jspwiki-wiki.apache.org/Wiki.jsp?page=CVE-2021-44140 | MISC:https://lists.apache.org/thread/5qglpjdhvobppx7j550lf1sk28f6011t

CVE-2021-44094

ZrLog 2.2.2 has a remote command execution vulnerability in its plugin download function, which can execute an arbitrary JAR file.

Assigned (20211122)

MISC:https://github.com/94fzb/zrlog/issues/116

CVE-2021-44093

A remote command execution vulnerability in the admin backend of ZrLog 2.2.2, in the upload avatar function, allows bypassing the original file-type limit to upload a JSP file and obtain a webshell.

Assigned (20211122)

MISC:https://github.com/94fzb/zrlog/issues/115



Latest data from: 2021-11-29