CVE List - 2021 / October
Showing 801 - 900 of 1707 CVEs for October 2021 (Page 9 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-40989 | 2021-10-15 | A local escalation of privilege vulnerability was discovered in Aruba... |
| CVE-2021-40988 | 2021-10-15 | A remote directory traversal vulnerability was discovered in Aruba ClearPass... |
| CVE-2021-40990 | 2021-10-15 | A remote disclosure of sensitive information vulnerability was discovered in... |
| CVE-2021-40996 | 2021-10-15 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass... |
| CVE-2021-41147 | 2021-10-15 | SQL injection in the planning edition panel |
| CVE-2021-40993 | 2021-10-15 | A remote SQL injection vulnerability was discovered in Aruba ClearPass... |
| CVE-2021-40994 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba... |
| CVE-2021-40991 | 2021-10-15 | A remote disclosure of sensitive information vulnerability was discovered in... |
| CVE-2021-40995 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba... |
| CVE-2021-41148 | 2021-10-15 | The update of the CI job targeted by a widget is vulnerable to blind SQL injections |
| CVE-2021-40997 | 2021-10-15 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass... |
| CVE-2021-40998 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba... |
| CVE-2021-38432 | 2021-10-15 | FATEK Automation Communication Server |
| CVE-2021-39864 | 2021-10-15 | Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition |
| CVE-2021-40729 | 2021-10-15 | Adobe Acrobat Reader DC PDF Out-of-Bound Read Vulnerability Information Disclosure |
| CVE-2021-40730 | 2021-10-15 | Adobe Acrobat Reader DC JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-40720 | 2021-10-15 | Ops CLI Deserialization of Untrusted Data leads to Abritrary Code Execution |
| CVE-2021-40724 | 2021-10-15 | Adobe Acrobat Reader Android Abritrary Code Execution Vulnerability |
| CVE-2021-40728 | 2021-10-15 | Adobe Acrobat Reader DC Use After Free Arbitrary Code Execution |
| CVE-2021-40731 | 2021-10-15 | Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-40721 | 2021-10-15 | Adobe Connect Reflected Cross Site Scripting |
| CVE-2021-41320 | 2021-10-15 | A technical user has hardcoded credentials in Wallstreet Suite TRM... |
| CVE-2020-4951 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser... |
| CVE-2021-29679 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated... |
| CVE-2021-29745 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge... |
| CVE-2021-27561 | 2021-10-15 | Yealink Device Management (DM) 3.6.0.20 allows command injection as root... |
| CVE-2018-16060 | 2021-10-15 | Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to... |
| CVE-2018-16061 | 2021-10-15 | Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the... |
| CVE-2021-22942 | 2021-10-18 | A possible open redirect vulnerability in the Host Authorization middleware... |
| CVE-2021-38297 | 2021-10-18 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer... |
| CVE-2021-36097 | 2021-10-18 | Agents are able to lock the ticket without the "Owner" permission |
| CVE-2021-42566 | 2021-10-18 | myfactory.FMS before 7.1-912 allows XSS via the Error parameter. |
| CVE-2021-42565 | 2021-10-18 | myfactory.FMS before 7.1-912 allows XSS via the UID parameter. |
| CVE-2021-38562 | 2021-10-18 | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before... |
| CVE-2021-41611 | 2021-10-18 | An issue was discovered in Squid 5.0.6 through 5.1.x before... |
| CVE-2010-2496 | 2021-10-18 | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters,... |
| CVE-2021-38430 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38426 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38442 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38440 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38434 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38438 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38436 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-33023 | 2021-10-18 | Advantech WebAccess |
| CVE-2021-38389 | 2021-10-18 | Advantech WebAccess |
| CVE-2021-21796 | 2021-10-18 | An exploitable use-after-free vulnerability exists in the JavaScript implementation of... |
| CVE-2021-21797 | 2021-10-18 | An exploitable double-free vulnerability exists in the JavaScript implementation of... |
| CVE-2021-22961 | 2021-10-18 | A code injection vulnerability exists within the firewall software of... |
| CVE-2020-8291 | 2021-10-18 | A link preview rendering issue in Rocket.Chat versions before 3.9... |
| CVE-2021-42098 | 2021-10-18 | An incomplete permission check on entries in Devolutions Remote Desktop... |
| CVE-2021-41991 | 2021-10-18 | The in-memory certificate cache in strongSwan before 5.9.4 has a... |
| CVE-2021-41990 | 2021-10-18 | The gmp plugin in strongSwan before 5.9.4 has a remote... |
| CVE-2021-24412 | 2021-10-18 | Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24413 | 2021-10-18 | Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24415 | 2021-10-18 | Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24416 | 2021-10-18 | StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24516 | 2021-10-18 | PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24595 | 2021-10-18 | WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24612 | 2021-10-18 | Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24615 | 2021-10-18 | Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24617 | 2021-10-18 | GamePress <= 1.1.0 - Reflected Cross-Site Scripting |
| CVE-2021-24622 | 2021-10-18 | WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24642 | 2021-10-18 | Scroll Baner <= 1.0 - CSRF to RCE |
| CVE-2021-24672 | 2021-10-18 | One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24675 | 2021-10-18 | One User Avatar < 2.3.7 - Avatar Update via CSRF |
| CVE-2021-24677 | 2021-10-18 | Find My Blocks < 3.4.0 - Private Post Titles Disclosure |
| CVE-2021-24684 | 2021-10-18 | PDF Light Viewer < 1.4.12 - Authenticated Command Injection |
| CVE-2021-24702 | 2021-10-18 | LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-24732 | 2021-10-18 | Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24734 | 2021-10-18 | Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24735 | 2021-10-18 | Compact WP Audio Player < 1.9.7 - Setting Change via CSRF |
| CVE-2021-24736 | 2021-10-18 | Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24740 | 2021-10-18 | Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-24743 | 2021-10-18 | Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS |
| CVE-2021-24752 | 2021-10-18 | Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change |
| CVE-2021-24754 | 2021-10-18 | MainWP Child Reports < 2.0.8 - Admin+ SQL Injection |
| CVE-2021-24760 | 2021-10-18 | Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-32609 | 2021-10-18 | XSS vulnerability on Explore page |
| CVE-2021-41971 | 2021-10-18 | Possible SQL Injection when template processing is enabled |
| CVE-2021-42576 | 2021-10-18 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8... |
| CVE-2021-42575 | 2021-10-18 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly... |
| CVE-2021-36513 | 2021-10-18 | An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in... |
| CVE-2021-42055 | 2021-10-18 | ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203... |
| CVE-2021-29878 | 2021-10-18 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is... |
| CVE-2021-23449 | 2021-10-18 | Sandbox Bypass |
| CVE-2021-41151 | 2021-10-18 | Path Traversal in @backstage/plugin-scaffolder-backend |
| CVE-2021-42650 | 2021-10-18 | Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1... |
| CVE-2021-41152 | 2021-10-18 | Path Traversal in Folder Component Leading to Local File Inclusion |
| CVE-2021-41153 | 2021-10-18 | Specification non-compliance in JUMPI |
| CVE-2021-41156 | 2021-10-18 | Reflected XSS vulnerability |
| CVE-2021-41155 | 2021-10-18 | SQL injection in CVS revisions browser |
| CVE-2021-41154 | 2021-10-18 | SQL injection in the "SVN core" commits browser |
| CVE-2021-37136 | 2021-10-19 | The Bzip2 decompression decoder function doesn't allow setting size restrictions... |
| CVE-2021-37137 | 2021-10-19 | The Snappy frame decoder function doesn't restrict the chunk length... |
| CVE-2021-20836 | 2021-10-19 | Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an... |
| CVE-2021-25968 | 2021-10-19 | OpenCMS - Stored Cross-Site Scripting (XSS) in Sitemap |
| CVE-2021-42261 | 2021-10-19 | Revisor Video Management System (VMS) before 2.0.0 has a directory... |
| CVE-2021-36512 | 2021-10-19 | An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in... |
| CVE-2021-38474 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38470 | 2021-10-19 | InHand Networks IR615 Router |