CVE List - 2021 / October
Showing 1201 - 1300 of 1706 CVEs for October 2021 (Page 13 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-42299 | 2021-10-20 | Microsoft Surface Pro 3 Security Feature Bypass Vulnerability |
| CVE-2021-41163 | 2021-10-20 | RCE via malicious SNS subscription payload |
| CVE-2021-41159 | 2021-10-21 | Improper client input validation for FreeRDP gateway connections allows to overwrite memory |
| CVE-2021-42327 | 2021-10-21 | dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display driver's debug filesystem.... |
| CVE-2021-42715 | 2021-10-21 | An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have... |
| CVE-2021-41160 | 2021-10-21 | Improper region checks in FreeRDP allow out of bound write to memory |
| CVE-2021-42096 | 2021-10-21 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that... |
| CVE-2021-42097 | 2021-10-21 | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of... |
| CVE-2021-39127 | 2021-10-21 | Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions... |
| CVE-2021-1529 | 2021-10-21 | Cisco IOS XE SD-WAN Software Command Injection Vulnerability |
| CVE-2021-39126 | 2021-10-21 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the... |
| CVE-2021-34738 | 2021-10-21 | Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities |
| CVE-2021-34743 | 2021-10-21 | Cisco Webex Software Application Authorization Bypass Vulnerability |
| CVE-2021-34760 | 2021-10-21 | Cisco TelePresence Management Suite Stored Cross-Site Scripting Vulnerability |
| CVE-2021-34789 | 2021-10-21 | Cisco Tetration Stored Cross-Site Scripting Vulnerability |
| CVE-2021-40121 | 2021-10-21 | Cisco Identity Services Engine Cross-Site Scripting Vulnerabilities |
| CVE-2021-40122 | 2021-10-21 | Cisco Meeting Server Call Bridge Denial of Service Vulnerability |
| CVE-2021-40123 | 2021-10-21 | Cisco Identity Services Engine File Download Vulnerability |
| CVE-2021-34736 | 2021-10-21 | Cisco Integrated Management Controller GUI Denial of Service Vulnerability |
| CVE-2021-23139 | 2021-10-21 | A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations. |
| CVE-2021-42011 | 2021-10-21 | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected... |
| CVE-2021-42012 | 2021-10-21 | A stack-based buffer overflow vulnerability in Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate privileges on... |
| CVE-2021-42101 | 2021-10-21 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker... |
| CVE-2021-42102 | 2021-10-21 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service agents could allow a local attacker to escalate privileges on affected installations. An... |
| CVE-2021-42103 | 2021-10-21 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. An attacker... |
| CVE-2021-42104 | 2021-10-21 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate... |
| CVE-2021-42105 | 2021-10-21 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate... |
| CVE-2021-42106 | 2021-10-21 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate... |
| CVE-2021-42107 | 2021-10-21 | Unnecessary privilege vulnerabilities in Trend Micro Apex One, Apex One as a Service, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services could allow a local attacker to escalate... |
| CVE-2021-42108 | 2021-10-21 | Unnecessary privilege vulnerabilities in the Web Console of Trend Micro Apex One, Apex One as a Service and Worry-Free Business Security 10.0 SP1 could allow a local attacker to escalate... |
| CVE-2021-41790 | 2021-10-21 | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 7.0.1.2. Script Action execution allows executing scripts uploaded outside of the Data Dictionary. This could allow a logged-in attacker to execute arbitrary... |
| CVE-2021-41791 | 2021-10-21 | An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads... |
| CVE-2021-41792 | 2021-10-21 | An issue was discovered in Hyland org.alfresco:alfresco-content-services through 6.2.2.18 and org.alfresco:alfresco-transform-services through 1.3. A crafted HTML file, once uploaded, could trigger an unexpected request by the transformation engine. The response... |
| CVE-2021-35512 | 2021-10-21 | An SSRF issue was discovered in Zoho ManageEngine Applications Manager build 15200. |
| CVE-2021-42740 | 2021-10-21 | The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of... |
| CVE-2020-27304 | 2021-10-21 | The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API.... |
| CVE-2021-28975 | 2021-10-21 | WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter. |
| CVE-2021-20120 | 2021-10-21 | The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the... |
| CVE-2020-14263 | 2021-10-21 | HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK |
| CVE-2021-29873 | 2021-10-21 | IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229. |
| CVE-2021-29883 | 2021-10-21 | IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the... |
| CVE-2021-28496 | 2021-10-21 | In Arista's EOS software affected releases, the shared secret profile's sensitive configuration might be leaked when displaying output over eAPI or other JSON outputs to authenticated users on the device. |
| CVE-2021-41146 | 2021-10-21 | Arbitrary command execution on Windows in qutebrowser |
| CVE-2021-35225 | 2021-10-21 | Netpath Horizontal Privilege Escalation Vulnerability: NPM 2020.2.5 |
| CVE-2021-35227 | 2021-10-21 | Insecure Web Configuration for RabbitMQ Management Plugin in SolarWinds ARM |
| CVE-2021-35228 | 2021-10-21 | Reflected cross site scripting affecting SolarWinds: DPA 2021.3.7388 |
| CVE-2021-42716 | 2021-10-21 | An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting... |
| CVE-2021-40719 | 2021-10-21 | Adobe Connect Deserialization of Untrusted Data Remote Code Execution |
| CVE-2021-22034 | 2021-10-21 | Releases prior to VMware vRealize Operations Tenant App 8.6 contain an Information Disclosure Vulnerability. |
| CVE-2021-39348 | 2021-10-21 | LearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39357 | 2021-10-21 | Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39356 | 2021-10-21 | Content Staging <= 2.0.1 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39352 | 2021-10-21 | Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload |
| CVE-2021-39328 | 2021-10-21 | Simple Job Board <= 2.9.4 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39321 | 2021-10-21 | Sassy Social Share 3.3.23 PHP Object Injection |
| CVE-2021-39354 | 2021-10-21 | Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting |
| CVE-2021-41168 | 2021-10-21 | Hash-Collision Denial-of-Service Vulnerability in snudown |
| CVE-2021-41127 | 2021-10-21 | Maliciously Crafted Model Archive Can Lead To Arbitrary File Write in rasa |
| CVE-2021-36869 | 2021-10-21 | WordPress Ivory Search plugin <= 4.6.6 - Reflected Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-41169 | 2021-10-21 | Improper Neutralization HTML tags in sulu/sulu |
| CVE-2021-27746 | 2021-10-21 | HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability |
| CVE-2021-34362 | 2021-10-22 | Command Injection Vulnerability in Media Streaming Add-on |
| CVE-2021-31835 | 2021-10-22 | McAfee ePO Cross-Site Scripting vulnerability |
| CVE-2021-31834 | 2021-10-22 | McAfee ePO Cross-Site Scripting vulnerability |
| CVE-2021-36357 | 2021-10-22 | An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer... |
| CVE-2021-35230 | 2021-10-22 | Unquoted Path Vulnerability (SMB Login) in Kiwi CatTools |
| CVE-2021-38475 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38473 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38481 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38477 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38469 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38479 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38471 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38467 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38463 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38465 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38461 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38453 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38459 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38451 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38455 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38457 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-38449 | 2021-10-22 | AUVESY Versiondog |
| CVE-2021-31682 | 2021-10-22 | The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This... |
| CVE-2021-41744 | 2021-10-22 | All versions of yongyou PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method. It applies a series of enterprise application... |
| CVE-2021-41747 | 2021-10-22 | Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. |
| CVE-2021-41745 | 2021-10-22 | ShowDoc 2.8.3 has a file upload vulnerability that attackers can use to obtain server permissions. |
| CVE-2021-42169 | 2021-10-22 | The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable to a remote SQL injection that bypasses authentication for the admin account. The parameter (username)... |
| CVE-2021-42534 | 2021-10-22 | Trane Building Automation Controllers Cross-site Scripting |
| CVE-2021-42538 | 2021-10-22 | Emerson WirelessHART Gateway |
| CVE-2021-42539 | 2021-10-22 | Emerson WirelessHART Gateway |
| CVE-2021-42536 | 2021-10-22 | Emerson WirelessHART Gateway |
| CVE-2021-42540 | 2021-10-22 | Emerson WirelessHART Gateway |
| CVE-2021-42542 | 2021-10-22 | Emerson WirelessHART Gateway |
| CVE-2021-38485 | 2021-10-22 | Emerson WirelessHART Gateway |
| CVE-2021-0651 | 2021-10-22 | In loadLabel of PackageItemInfo.java, there is a possible way to DoS a device by having a long label in an app due to incorrect input validation. This could lead to... |
| CVE-2021-0483 | 2021-10-22 | In multiple methods of AAudioService, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction... |
| CVE-2021-0708 | 2021-10-22 | In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2021-0643 | 2021-10-22 | In getAllSubInfoList of SubscriptionController.java, there is a possible way to retrieve a long term identifier without the correct permissions due to a missing permission check. This could lead to local... |
| CVE-2021-0703 | 2021-10-22 | In SecondStageMain of init.cpp, there is a possible use after free due to incorrect shared_ptr usage. This could lead to local escalation of privilege if the attacker has physical access... |