CVE List - 2021 / October
Showing 1501 - 1600 of 1706 CVEs for October 2021 (Page 16 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2011-4574 | 2021-10-27 | PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This... |
| CVE-2021-32951 | 2021-10-27 | Advantech WebAccess/NMS Improper Authentication |
| CVE-2021-35235 | 2021-10-27 | ASP.NET Debug Feature Enabled |
| CVE-2021-35236 | 2021-10-27 | Missing Secure Flag From SSL Cookie |
| CVE-2021-34580 | 2021-10-27 | Remote user enumeration in mymbCONNECT24, mbCONNECT24 <= 2.9.0 |
| CVE-2021-41872 | 2021-10-27 | Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service. |
| CVE-2021-41590 | 2021-10-27 | In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured... |
| CVE-2021-41619 | 2021-10-27 | An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying... |
| CVE-2021-41589 | 2021-10-27 | In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default... |
| CVE-2020-24932 | 2021-10-27 | An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php. |
| CVE-2021-22101 | 2021-10-27 | Cloud Controller versions prior to 1.118.0 are vulnerable to unauthenticated denial of Service(DoS) vulnerability allowing unauthenticated attackers to cause denial of service by using REST HTTP requests with label_selectors on... |
| CVE-2021-37221 | 2021-10-27 | A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an... |
| CVE-2021-38379 | 2021-10-27 | The Hub in CFEngine Enterprise 3.6.7 through 3.18.0 has Insecure Permissions that allow local Information Disclosure. |
| CVE-2021-36756 | 2021-10-27 | CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation. |
| CVE-2021-37803 | 2021-10-27 | An SQL Injection vulnerability exists in Sourcecodester Online Covid Vaccination Scheduler System 1.0 via the username in lognin.php . |
| CVE-2021-37805 | 2021-10-27 | A Stored Cross Site Scripting (XSS) vunerability exists in Sourcecodeste Vehicle Parking Management System affected version 1.0 is via the add-vehicle.php endpoint. |
| CVE-2021-20526 | 2021-10-27 | IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to... |
| CVE-2021-29673 | 2021-10-27 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29713 | 2021-10-27 | IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading... |
| CVE-2021-29774 | 2021-10-27 | IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025. |
| CVE-2021-29786 | 2021-10-27 | IBM Jazz Team Server products stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172. |
| CVE-2021-29844 | 2021-10-27 | IBM Jazz Team Server products is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration... |
| CVE-2021-37806 | 2021-10-27 | An SQL Injection vulnerability exists in https://phpgurukul.com Vehicle Parking Management System affected version 1.0. The system is vulnerable to time-based SQL injection on multiple endpoints. Based on the SLEEP(N) function... |
| CVE-2021-29868 | 2021-10-27 | IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213. |
| CVE-2021-37807 | 2021-10-27 | An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is... |
| CVE-2021-37808 | 2021-10-27 | SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay... |
| CVE-2021-3900 | 2021-10-27 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-40125 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IKEv2 Site-to-Site VPN Denial of Service Vulnerability |
| CVE-2021-34754 | 2021-10-27 | Cisco Firepower Threat Defense Software Ethernet Industrial Protocol Policy Bypass Vulnerabilities |
| CVE-2021-34755 | 2021-10-27 | Cisco Firepower Threat Defense Software Command Injection Vulnerabilities |
| CVE-2021-34756 | 2021-10-27 | Cisco Firepower Threat Defense Software Command Injection Vulnerabilities |
| CVE-2021-34761 | 2021-10-27 | Cisco Firepower Threat Defense Software CLI Arbitrary File Write Vulnerability |
| CVE-2021-34762 | 2021-10-27 | Cisco Firepower Management Center Software Authenticated Directory Traversal Vulnerability |
| CVE-2021-34763 | 2021-10-27 | Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities |
| CVE-2021-34764 | 2021-10-27 | Cisco Firepower Management Center Software Cross-Site Scripting and Open Redirect Vulnerabilities |
| CVE-2021-34781 | 2021-10-27 | Cisco Firepower Threat Defense Software SSH Connections Denial of Service Vulnerability |
| CVE-2021-34783 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Software-Based SSL/TLS Denial of Service Vulnerability |
| CVE-2021-34787 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Identity-Based Rule Bypass Vulnerability |
| CVE-2021-34790 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities |
| CVE-2021-34791 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Application Level Gateway Bypass Vulnerabilities |
| CVE-2021-34792 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Resource Exhaustion Denial of Service Vulnerability |
| CVE-2021-34793 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Transparent Mode Denial of Service Vulnerability |
| CVE-2021-34794 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SNMP Access Control Vulnerability |
| CVE-2021-40114 | 2021-10-27 | Multiple Cisco Products Snort Memory Leak Denial of Service Vulnerability |
| CVE-2021-40116 | 2021-10-27 | Multiple Cisco Products Snort Rule Denial of Service Vulnerability |
| CVE-2021-40117 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Denial of Service Vulnerability |
| CVE-2021-40118 | 2021-10-27 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerabilities |
| CVE-2020-21250 | 2021-10-27 | CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. |
| CVE-2021-41191 | 2021-10-27 | API giving out files without key |
| CVE-2021-1115 | 2021-10-27 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs, where an attacker with local unprivileged system access may cause a... |
| CVE-2021-1116 | 2021-10-27 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a NULL pointer dereference in the kernel, created within user mode code, may lead... |
| CVE-2021-1117 | 2021-10-27 | Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an attacker through specific configuration and with local unprivileged system access may cause improper input validation,... |
| CVE-2021-3901 | 2021-10-27 | Cross-Site Request Forgery (CSRF) in firefly-iii/firefly-iii |
| CVE-2021-3903 | 2021-10-27 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-25219 | 2021-10-27 | Lame cache can be abused to severely degrade resolver performance |
| CVE-2021-3904 | 2021-10-27 | Cross-site Scripting (XSS) - Stored in getgrav/grav |
| CVE-2021-3906 | 2021-10-27 | Unrestricted Upload of File with Dangerous Type in bookstackapp/bookstack |
| CVE-2020-10005 | 2021-10-28 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to... |
| CVE-2021-43056 | 2021-10-28 | An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due... |
| CVE-2021-43057 | 2021-10-28 | An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption... |
| CVE-2019-19810 | 2021-10-28 | Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests... |
| CVE-2021-37748 | 2021-10-28 | Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting,... |
| CVE-2021-37915 | 2021-10-28 | An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result,... |
| CVE-2021-22436 | 2021-10-28 | There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. |
| CVE-2021-22481 | 2021-10-28 | There is a Verification errors vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22482 | 2021-10-28 | There is an Uninitialized variable vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of invalid data. |
| CVE-2021-22401 | 2021-10-28 | There is a Remote DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. |
| CVE-2021-22402 | 2021-10-28 | There is a DoS vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause DoS attacks. |
| CVE-2021-22403 | 2021-10-28 | There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute... |
| CVE-2021-22404 | 2021-10-28 | There is a Directory traversal vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22405 | 2021-10-28 | There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-22406 | 2021-10-28 | There is an Uncaught Exception vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the app to exit unexpectedly. |
| CVE-2021-22407 | 2021-10-28 | There is a Configuration defects in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22472 | 2021-10-28 | There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22473 | 2021-10-28 | There is an Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22474 | 2021-10-28 | There is an Out-of-bounds memory access in Huawei Smartphone.Successful exploitation of this vulnerability may cause process exceptions. |
| CVE-2021-22475 | 2021-10-28 | There is an Improper permission management vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22483 | 2021-10-28 | There is a issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS. |
| CVE-2021-22485 | 2021-10-28 | There is a SSID vulnerability with Wi-Fi network connections in Huawei devices.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22486 | 2021-10-28 | There is a issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-22487 | 2021-10-28 | There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-22488 | 2021-10-28 | There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. |
| CVE-2021-22490 | 2021-10-28 | There is a Permission verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect the device performance. |
| CVE-2021-22491 | 2021-10-28 | There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-36985 | 2021-10-28 | There is a Code injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart. |
| CVE-2021-36986 | 2021-10-28 | There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. |
| CVE-2021-36987 | 2021-10-28 | There is a issue that nodes in the linked list being freed for multiple times in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause the... |
| CVE-2021-36988 | 2021-10-28 | There is a Parameter verification issue in Huawei Smartphone.Successful exploitation of this vulnerability can affect service integrity. |
| CVE-2021-36989 | 2021-10-28 | There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. |
| CVE-2021-36990 | 2021-10-28 | There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. |
| CVE-2021-36991 | 2021-10-28 | There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input.Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access. |
| CVE-2021-36992 | 2021-10-28 | There is a Public key verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. |
| CVE-2021-36993 | 2021-10-28 | There is a Memory leaks vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service availability. |
| CVE-2021-36994 | 2021-10-28 | There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when... |
| CVE-2021-36995 | 2021-10-28 | There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. |
| CVE-2021-36996 | 2021-10-28 | There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause transmission of certain virtual information. |
| CVE-2021-36997 | 2021-10-28 | There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed.Successful exploitation of this vulnerability may cause the Gallery or Files app... |
| CVE-2021-36998 | 2021-10-28 | There is an Improper verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds. |
| CVE-2021-36999 | 2021-10-28 | There is a Buffer overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution. |
| CVE-2021-37001 | 2021-10-28 | There is a Register tampering vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow the register value to be modified. |