CVE List - 2021 / October
Showing 901 - 1000 of 1706 CVEs for October 2021 (Page 10 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-38464 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38466 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38462 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38476 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38472 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38482 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38484 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38480 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38478 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38486 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-3846 | 2021-10-19 | Unrestricted Upload of File with Dangerous Type in firefly-iii/firefly-iii |
| CVE-2021-3851 | 2021-10-19 | Open Redirect in firefly-iii/firefly-iii |
| CVE-2021-3858 | 2021-10-19 | Cross-Site Request Forgery (CSRF) in snipe/snipe-it |
| CVE-2021-3863 | 2021-10-19 | Cross-site Scripting (XSS) - Generic in snipe/snipe-it |
| CVE-2021-3869 | 2021-10-19 | Improper Restriction of XML External Entity Reference in stanfordnlp/corenlp |
| CVE-2021-3872 | 2021-10-19 | Heap-based Buffer Overflow in vim/vim |
| CVE-2021-3879 | 2021-10-19 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it |
| CVE-2021-3888 | 2021-10-19 | Use of Out-of-range Pointer Offset in bfabiszewski/libmobi |
| CVE-2021-3889 | 2021-10-19 | Use of Out-of-range Pointer Offset in bfabiszewski/libmobi |
| CVE-2021-30849 | 2021-10-19 | Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS... |
| CVE-2021-30850 | 2021-10-19 | An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to... |
| CVE-2021-30848 | 2021-10-19 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted... |
| CVE-2021-30846 | 2021-10-19 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS... |
| CVE-2021-30847 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes... |
| CVE-2021-30843 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and... |
| CVE-2021-30845 | 2021-10-19 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory. |
| CVE-2021-30841 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and... |
| CVE-2021-30844 | 2021-10-19 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak... |
| CVE-2021-30838 | 2021-10-19 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code... |
| CVE-2021-30842 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and... |
| CVE-2021-30835 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing... |
| CVE-2021-30837 | 2021-10-19 | A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to... |
| CVE-2021-30832 | 2021-10-19 | A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to... |
| CVE-2021-30830 | 2021-10-19 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to... |
| CVE-2021-30828 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files... |
| CVE-2021-30827 | 2021-10-19 | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be... |
| CVE-2021-30829 | 2021-10-19 | A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute... |
| CVE-2021-30826 | 2021-10-19 | A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and... |
| CVE-2021-30807 | 2021-10-19 | A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be... |
| CVE-2021-30819 | 2021-10-19 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents. |
| CVE-2021-30825 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary... |
| CVE-2021-30810 | 2021-10-19 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be... |
| CVE-2021-30820 | 2021-10-19 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution. |
| CVE-2021-30815 | 2021-10-19 | A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15.... |
| CVE-2021-30811 | 2021-10-19 | This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information. |
| CVE-2020-29622 | 2021-10-19 | A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution... |
| CVE-2011-1497 | 2021-10-19 | A cross-site scripting vulnerability flaw was found in the auto_link function in Rails before version 3.0.6. |
| CVE-2021-30358 | 2021-10-19 | Mobile Access Portal Native Applications who's path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent. |
| CVE-2021-3746 | 2021-10-19 | A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. The vulnerability is triggered by specially-crafted TPM2 command packets that then trigger... |
| CVE-2011-1075 | 2021-10-19 | FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses... |
| CVE-2021-26589 | 2021-10-19 | A potential security vulnerability has been identified in HPE Superdome Flex Servers. The vulnerability could be remotely exploited to allow Cross Site Scripting (XSS) because the Session Cookie is missing... |
| CVE-2021-27001 | 2021-10-19 | Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily modify Compliance-mode... |
| CVE-2021-36832 | 2021-10-19 | WordPress Icegram plugin <= 2.0.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability |
| CVE-2021-39329 | 2021-10-19 | JobBoardWP – Job Board Listings and Submissions <= 1.0.7 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39343 | 2021-10-19 | MPL-Publisher – Self-publish your book & ebook <= 1.30.2 Authenticated Stored Cross-Site Scripting |
| CVE-2021-39355 | 2021-10-19 | Indeed Job Importer <= 1.0.5 Authenticated Stored Cross-Site Scripting |
| CVE-2021-29912 | 2021-10-19 | IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality... |
| CVE-2021-38911 | 2021-10-19 | IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. IBM X-Force ID: 209940. |
| CVE-2020-12141 | 2021-10-19 | An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to... |
| CVE-2021-33988 | 2021-10-19 | Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form. |
| CVE-2021-35323 | 2021-10-19 | Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. |
| CVE-2021-32663 | 2021-10-19 | Unauthorized setup leads to SSRF in Combodo/iTop |
| CVE-2021-32664 | 2021-10-19 | Reflected XSS in Combodo/iTop |
| CVE-2021-41131 | 2021-10-19 | Client metadata path-traversal in python-tuf |
| CVE-2021-41149 | 2021-10-19 | Improper sanitization of target names in tough |
| CVE-2021-41140 | 2021-10-19 | Reactions leak for secure category topics and private messages |
| CVE-2021-0296 | 2021-10-19 | CTPView: HSTS not being enforced on CTPView server. |
| CVE-2021-0297 | 2021-10-19 | Junos OS Evolved: BGP and LDP sessions with TCP MD5 authentication established with peers not configured for authentication |
| CVE-2021-0298 | 2021-10-19 | Junos OS Evolved: PTX10003, PTX10008: picd core while executing the "show chassis pic" command under certain conditions |
| CVE-2021-0299 | 2021-10-19 | Junos OS: Kernel crash (vmcore) upon receipt of a malformed IPv6 packet |
| CVE-2021-31349 | 2021-10-19 | Session Smart Router: Authentication Bypass Vulnerability |
| CVE-2021-31350 | 2021-10-19 | Junos OS and Junos OS Evolved: Privilege escalation vulnerability in Juniper Extension Toolkit (JET) |
| CVE-2021-31351 | 2021-10-19 | Junos OS: MX Series: Receipt of specific packet on MS-MPC/MS-MIC causes line card reset |
| CVE-2021-31352 | 2021-10-19 | SRC Series: NETCONF over SSH allows negotiation of weak ciphers |
| CVE-2021-31353 | 2021-10-19 | Junos OS and Junos OS Evolved: RPD core upon receipt of specific BGP update |
| CVE-2021-31354 | 2021-10-19 | Junos OS and Junos OS Evolved: A vulnerability in the Juniper Agile License Client may allow an attacker to perform Remote Code Execution (RCE) |
| CVE-2021-31355 | 2021-10-19 | Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal |
| CVE-2021-31356 | 2021-10-19 | Junos OS Evolved: Multiple shell-injection vulnerabilities in EVO UI wrapper scripts |
| CVE-2021-31357 | 2021-10-19 | Junos OS Evolved: shell-injection vulnerabilities in evo_tcpdump UI wrapper script |
| CVE-2021-31358 | 2021-10-19 | Junos OS Evolved: shell-injection vulnerabilities in evo_sftp UI wrapper script |
| CVE-2021-31359 | 2021-10-19 | Junos OS and Junos OS Evolved: Local Privilege Escalation vulnerability |
| CVE-2021-31360 | 2021-10-19 | Junos OS and Junos OS Evolved: Denial of Service vulnerability in local file processing |
| CVE-2021-31361 | 2021-10-19 | Junos OS: QFX Series and PTX Series: FPC resource usage increases when certain packets are processed which are being VXLAN encapsulated |
| CVE-2021-31362 | 2021-10-19 | Junos OS and Junos OS Evolved: An IS-IS adjacency might be taken down if a bad hello PDU is received for an existing adjacency causing a DoS |
| CVE-2021-31363 | 2021-10-19 | Junos OS and Junos OS Evolved: Receipt of a specific LDP message will cause a Denial of Service |
| CVE-2021-31364 | 2021-10-19 | Junos OS: SRX Series: The flowd process will crash if log session-close is configured and specific traffic is received |
| CVE-2021-31365 | 2021-10-19 | Junos OS: EX2300, EX3400 and EX4300 Series: An Aggregated Ethernet (AE) interface will go down due to a stream of specific layer 2 frames |
| CVE-2021-31366 | 2021-10-19 | Junos OS: MX Series: In subscriber management / BBE configuration authd can crash if a subscriber with a specific username tries to login leading to a DoS |
| CVE-2021-31367 | 2021-10-19 | Junos OS: PTX Series: An FPC heap memory leak will be triggered by certain Flowspec route operations which can lead to an FPC crash |
| CVE-2021-31368 | 2021-10-19 | Junos OS: EX2300 Series, EX3400 Series, and ACX710 might become unresponsive if the out-of-band management port receives a flood of traffic |
| CVE-2021-31369 | 2021-10-19 | Junos OS: MX Series: Traffic drops will be observed if MS-MPC/MS-PIC resources are consumed by certain traffic causing a partial DoS |
| CVE-2021-31370 | 2021-10-19 | Junos OS: QFX5000 Series and EX4600 Series: Control traffic might be dropped if a high rate of specific multicast traffic is received |
| CVE-2021-31371 | 2021-10-19 | Junos OS: QFX5000 Series: Traffic from the network internal to the device (128.0.0.0) may be forwarded to egress interfaces. |
| CVE-2021-31372 | 2021-10-19 | Junos OS: J-Web allows a locally authenticated attacker to escalate their privileges to root. |
| CVE-2021-31373 | 2021-10-19 | Junos OS: SRX Series: Persistent XSS vulnerability in J-Web |
| CVE-2021-31374 | 2021-10-19 | Junos OS and Junos OS Evolved: RPD crash while processing a specially crafted BGP UPDATE or KEEPALIVE message. |
| CVE-2021-31375 | 2021-10-19 | Junos OS: Receipt of a specific BGP update may cause RPKI policy-checks to be bypassed |
| CVE-2021-31376 | 2021-10-19 | Junos OS: ACX Series: Packet Forwarding Engine manager (FXPC) process crashes when processing DHCPv6 packets |
| CVE-2021-31377 | 2021-10-19 | Junos OS: A local authenticated attacker can cause RPD to core |
| CVE-2021-31378 | 2021-10-19 | Junos OS: An attacker sending spoofed RADIUS messages to a Junos OS device configured for broadband services may cause broadband subscribers to remain stuck in a "Terminating" state. |