Serva 4.4.0 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1, a related issue to CVE-2013-0145.
Max CVSS
7.5
EPSS Score
0.36%
Published
2021-11-29
Updated
2021-11-30
Pinkie 2.15 allows remote attackers to cause a denial of service (daemon crash) via a TFTP read (RRQ) request, aka opcode 1.
Max CVSS
7.5
EPSS Score
1.00%
Published
2021-11-29
Updated
2021-11-30
An unauthenticated SQL Injection vulnerability in Rosario Student Information System (aka rosariosis) before 8.1.1 allows remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.
Max CVSS
9.8
EPSS Score
4.04%
Published
2021-11-29
Updated
2021-11-30
PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. In this scenario, the compromised account may have inherited read access to sensitive configuration, database, and log files.
Max CVSS
6.5
EPSS Score
0.07%
Published
2021-11-30
Updated
2021-12-01
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property.
Max CVSS
5.5
EPSS Score
0.13%
Published
2021-11-26
Updated
2023-04-10
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming constraints of the WordPress.org Plugin Directory but is not yet present in that directory.
Max CVSS
9.8
EPSS Score
0.68%
Published
2021-11-25
Updated
2021-11-30
Gin-Vue-Admin before 2.4.6 mishandles a SQL database.
Max CVSS
9.8
EPSS Score
0.20%
Published
2021-11-24
Updated
2021-11-30
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-11-29
Updated
2021-11-30
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-11-29
Updated
2021-11-30
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
Max CVSS
6.1
EPSS Score
0.07%
Published
2021-11-29
Updated
2021-11-30
Self cross-site scripting (XSS) was possible on the devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035.
Max CVSS
5.4
EPSS Score
0.05%
Published
2021-11-29
Updated
2021-11-30
DLL hijacking could lead to denial of service. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27305, Acronis Cyber Protect Home Office (Windows) before build 39612.
Max CVSS
5.5
EPSS Score
0.05%
Published
2021-11-29
Updated
2021-11-30
DLL hijacking could lead to local privilege escalation. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035.
Max CVSS
7.8
EPSS Score
0.06%
Published
2021-11-29
Updated
2021-11-30
The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.
Max CVSS
7.5
EPSS Score
0.07%
Published
2021-11-22
Updated
2021-11-26
An XML External Entity issue in Claris FileMaker Pro and Server (including WebDirect) before 19.4.1 allows a remote attacker to disclose local files via a crafted XML/Excel document and perform server-side request forgery attacks.
Max CVSS
5.5
EPSS Score
0.13%
Published
2021-11-22
Updated
2021-11-23
Croatia Control Asterix 2.8.1 has a heap-based buffer over-read, with additional details to be disclosed at a later date.
Max CVSS
9.1
EPSS Score
0.17%
Published
2021-11-22
Updated
2021-11-24
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote code execution.
Max CVSS
9.8
EPSS Score
6.63%
Published
2021-11-22
Updated
2022-10-25
Remote attackers may delete arbitrary files in a system hosting a JSPWiki instance, versions up to 2.11.0.M8, by using a carefully crafted HTTP request on logout, given that those files are reachable to the user running the JSPWiki instance. Apache JSPWiki users should upgrade to 2.11.0 or later.
Max CVSS
9.1
EPSS Score
0.46%
Published
2021-11-24
Updated
2021-11-29
ZrLog 2.2.2 has a remote command execution vulnerability in the plugin download function; it could execute any JAR file.
Max CVSS
7.8
EPSS Score
0.17%
Published
2021-11-28
Updated
2021-11-29
A remote command execution vulnerability in the background of zrlog 2.2.2, in the upload avatar function, could bypass the original upload limit and allow uploading a JSP file to obtain a WebShell.
Max CVSS
9.8
EPSS Score
1.12%
Published
2021-11-28
Updated
2021-11-29
In the wazuh-slack active response script in Wazuh 4.2.x before 4.2.5, untrusted user agents are passed to a curl command line, potentially resulting in remote code execution.
Max CVSS
9.8
EPSS Score
5.83%
Published
2021-11-22
Updated
2021-12-14

CVE-2021-44077

Known exploited
Public exploit
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution. This is related to /RestAPI URLs in a servlet, and ImportTechnicians in the Struts configuration.
Max CVSS
9.8
EPSS Score
97.40%
Published
2021-11-29
Updated
2022-07-12
CISA KEV Added
2021-12-01
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-11-19
Updated
2022-07-12
Team Password Manager (aka TeamPasswordManager) before 10.135.236 allows password-reset poisoning.
Max CVSS
7.5
EPSS Score
0.08%
Published
2021-11-19
Updated
2021-11-22
Team Password Manager (aka TeamPasswordManager) before 10.135.236 has a CSRF vulnerability during import.
Max CVSS
8.8
EPSS Score
0.09%
Published
2021-11-19
Updated
2021-11-22