CVE List - 2021 / October
Showing 1301 - 1400 of 1706 CVEs for October 2021 (Page 14 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-0652 | 2021-10-22 | In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with... |
| CVE-2021-0705 | 2021-10-22 | In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep service running in foreground and keep granted permissions due to Bypass of Background Service Restrictions. This could lead to... |
| CVE-2021-0870 | 2021-10-22 | In RW_SetActivatedTagType of rw_main.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is... |
| CVE-2021-0706 | 2021-10-22 | In startListening of PluginManagerImpl.java, there is a possible way to disable arbitrary app components due to a missing permission check. This could lead to local denial of service with no... |
| CVE-2021-0702 | 2021-10-22 | In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional... |
| CVE-2021-30359 | 2021-10-22 | The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair... |
| CVE-2021-42836 | 2021-10-22 | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. |
| CVE-2021-42840 | 2021-10-22 | SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file... |
| CVE-2021-42556 | 2021-10-22 | Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within... |
| CVE-2021-41171 | 2021-10-22 | Bypass bruteforce protection on login form in elabftw |
| CVE-2021-29835 | 2021-10-22 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2020-36502 | 2021-10-22 | Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a... |
| CVE-2020-36501 | 2021-10-22 | Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state... |
| CVE-2020-36498 | 2021-10-22 | Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via... |
| CVE-2020-36499 | 2021-10-22 | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers... |
| CVE-2020-36497 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters. |
| CVE-2020-36496 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. |
| CVE-2020-36495 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters. |
| CVE-2020-36493 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36494 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters. |
| CVE-2020-36492 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36490 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36491 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-36488 | 2021-10-22 | An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands. |
| CVE-2020-36489 | 2021-10-22 | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2020-36486 | 2021-10-22 | Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling. |
| CVE-2020-36485 | 2021-10-22 | Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via... |
| CVE-2020-28968 | 2021-10-22 | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML... |
| CVE-2020-28969 | 2021-10-22 | Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file. |
| CVE-2020-28967 | 2021-10-22 | FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers. |
| CVE-2020-28964 | 2021-10-22 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors. |
| CVE-2020-28963 | 2021-10-22 | Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. |
| CVE-2020-28960 | 2021-10-22 | Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters. |
| CVE-2020-28961 | 2021-10-22 | Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter. |
| CVE-2020-28957 | 2021-10-22 | Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name,... |
| CVE-2020-28956 | 2021-10-22 | Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state... |
| CVE-2020-28955 | 2021-10-22 | SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted... |
| CVE-2020-23060 | 2021-10-22 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Export/Import function. This vulnerability allows attackers to escalate local process privileges via a crafted ef2 file. |
| CVE-2020-23061 | 2021-10-22 | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal... |
| CVE-2020-23058 | 2021-10-22 | An issue in the authentication mechanism in Nong Ge File Explorer v1.4 unauthenticated allows to access sensitive data. |
| CVE-2020-23055 | 2021-10-22 | ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters. |
| CVE-2020-23054 | 2021-10-22 | A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent... |
| CVE-2020-23052 | 2021-10-22 | Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters. |
| CVE-2020-23050 | 2021-10-22 | TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to... |
| CVE-2020-23051 | 2021-10-22 | Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem... |
| CVE-2020-23049 | 2021-10-22 | Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register' functions. This vulnerability allows... |
| CVE-2020-23047 | 2021-10-22 | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module. |
| CVE-2020-23048 | 2021-10-22 | SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters. |
| CVE-2020-23046 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet' parameters. |
| CVE-2020-23044 | 2021-10-22 | DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_pic_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters. |
| CVE-2020-23045 | 2021-10-22 | Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a SQL injection vulnerability via the 'roleId' parameter of the `editRole` and `deletUser` modules. |
| CVE-2020-23043 | 2021-10-22 | Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file upload vulnerability in the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted file. |
| CVE-2020-23041 | 2021-10-22 | Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` exception-handling. This vulnerability allows attackers to... |
| CVE-2020-23042 | 2021-10-22 | Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability in the path parameter of the `list` and `download` module. This vulnerability allows attackers to... |
| CVE-2020-23036 | 2021-10-22 | MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure session validation vulnerability in the session handling of the `password` authentication parameter of the wifi photo transfer module. This... |
| CVE-2020-23037 | 2021-10-22 | Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. |
| CVE-2020-23038 | 2021-10-22 | Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent... |
| CVE-2020-23039 | 2021-10-22 | Folder Lock v3.4.5 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Create Folder function under the 'create' module. This vulnerability allows attackers to execute arbitrary web... |
| CVE-2020-23040 | 2021-10-22 | Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. |
| CVE-2021-42258 | 2021-10-22 | BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection... |
| CVE-2021-21703 | 2021-10-25 | PHP-FPM memory access in root process leading to privilege escalation |
| CVE-2021-40371 | 2021-10-25 | Gridpro Request Management for Windows Azure Pack before 2.0.7912 allows Directory Traversal for remote code execution, as demonstrated by ..\\ in a scriptName JSON value to ServiceManagerTenant/GetVisibilityMap. |
| CVE-2021-40527 | 2021-10-25 | Exposure of senstive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an... |
| CVE-2021-40526 | 2021-10-25 | Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process... |
| CVE-2021-38294 | 2021-10-25 | Shell Command Injection Vulnerability in Nimbus Thrift Server |
| CVE-2021-40865 | 2021-10-25 | Unsafe Pre-Authentication Deserialization In Workers |
| CVE-2021-35231 | 2021-10-25 | Unquoted Path (SMB Login) Vulnerability |
| CVE-2020-14264 | 2021-10-25 | "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK" |
| CVE-2021-25977 | 2021-10-25 | Piranha CMS - Stored XSS in Page Title |
| CVE-2021-0409 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0410 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0411 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0412 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0413 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0414 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0613 | 2021-10-25 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0614 | 2021-10-25 | In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0615 | 2021-10-25 | In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User... |
| CVE-2021-0616 | 2021-10-25 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0617 | 2021-10-25 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0618 | 2021-10-25 | In ape extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-0625 | 2021-10-25 | In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2021-0630 | 2021-10-25 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2021-0631 | 2021-10-25 | In wifi driver, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2021-0632 | 2021-10-25 | In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain... |
| CVE-2021-0633 | 2021-10-25 | In display driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2021-0634 | 2021-10-25 | In display driver, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2021-0661 | 2021-10-25 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2021-0662 | 2021-10-25 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2021-0663 | 2021-10-25 | In audio DSP, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed.... |
| CVE-2021-0941 | 2021-10-25 | In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2021-0935 | 2021-10-25 | In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges... |
| CVE-2021-0940 | 2021-10-25 | In TBD of TBD, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege in the kernel with System execution... |
| CVE-2021-24381 | 2021-10-25 | NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24414 | 2021-10-25 | YT Player < 1.4 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24485 | 2021-10-25 | Special Text Boxes < 5.9.110 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24487 | 2021-10-25 | St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24489 | 2021-10-25 | Request a Quote < 2.3.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-0938 | 2021-10-25 | In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed.... |
| CVE-2021-24514 | 2021-10-25 | Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting |