CVE List - 2021 / October
Showing 1401 - 1500 of 1707 CVEs for October 2021 (Page 15 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-24514 | 2021-10-25 | Visual Form Builder < 3.0.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24515 | 2021-10-25 | Video Gallery - Vimeo and YouTube Gallery < 1.1.5 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24543 | 2021-10-25 | jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24544 | 2021-10-25 | Responsive WordPress Slider <= 2.2.0 - Subscriber+ Stored Cross-Site Scripting |
| CVE-2021-0936 | 2021-10-25 | In acc_read of f_accessory.c, there is a possible memory corruption... |
| CVE-2021-24608 | 2021-10-25 | Formidable Form Builder < 5.0.07 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24653 | 2021-10-25 | Cookie Bar < 1.8.9 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24662 | 2021-10-25 | Game Server Status <= 1.0 - Admin+ SQL Injection |
| CVE-2021-24699 | 2021-10-25 | Easy Media Download < 1.1.7 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-0939 | 2021-10-25 | In set_default_passthru_cfg of passthru.c, there is a possible out of... |
| CVE-2021-24744 | 2021-10-25 | WordPress Contact Forms by Cimatti < 1.4.12 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24769 | 2021-10-25 | Permalink Manager Lite < 2.2.13.1 - Admin+ SQL Injection |
| CVE-2021-24774 | 2021-10-25 | Check & Log Email < 1.0.3 - Admin+ SQL Injections |
| CVE-2021-24779 | 2021-10-25 | WP Debugging < 2.11.0 - Unauthenticated Plugin's Settings Update |
| CVE-2021-24785 | 2021-10-25 | Great Quotes <= 1.0.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24884 | 2021-10-25 | Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2021-24885 | 2021-10-25 | YOP Poll < 6.1.2 - Reflected Cross-Site Scripting |
| CVE-2017-20007 | 2021-10-25 | Information Exposure in INGEPAC DA AU |
| CVE-2020-20908 | 2021-10-25 | Akaunting v1.3.17 was discovered to contain a stored cross-site scripting... |
| CVE-2021-41035 | 2021-10-25 | In Eclipse Openj9 before version 0.29.0, the JVM does not... |
| CVE-2021-21319 | 2021-10-25 | Several stored XSS |
| CVE-2021-37624 | 2021-10-25 | FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing |
| CVE-2021-41176 | 2021-10-25 | logout CSRF in Pterodactyl Panel |
| CVE-2021-34854 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected... |
| CVE-2021-34855 | 2021-10-25 | This vulnerability allows local attackers to disclose sensitive information on... |
| CVE-2021-34856 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected... |
| CVE-2021-34857 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected... |
| CVE-2021-34859 | 2021-10-25 | This vulnerability allows remote attackers to execute arbitrary code on... |
| CVE-2021-34860 | 2021-10-25 | This vulnerability allows network-adjacent attackers to disclose sensitive information on... |
| CVE-2021-34861 | 2021-10-25 | This vulnerability allows network-adjacent attackers to execute arbitrary code on... |
| CVE-2021-34862 | 2021-10-25 | This vulnerability allows network-adjacent attackers to execute arbitrary code on... |
| CVE-2021-34863 | 2021-10-25 | This vulnerability allows network-adjacent attackers to execute arbitrary code on... |
| CVE-2021-34864 | 2021-10-25 | This vulnerability allows local attackers to escalate privileges on affected... |
| CVE-2021-39220 | 2021-10-25 | Bypass of image blocking in Nextcloud Mail |
| CVE-2021-39221 | 2021-10-25 | XSS in Contacts |
| CVE-2021-38258 | 2021-10-25 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer... |
| CVE-2021-38260 | 2021-10-25 | NXP MCUXpresso SDK v2.7.0 was discovered to contain a buffer... |
| CVE-2021-39223 | 2021-10-25 | File path disclosure of shared files in Richdocuments application |
| CVE-2021-39225 | 2021-10-25 | Missing permission check on Deck API |
| CVE-2021-39224 | 2021-10-25 | File path disclosure of shared files in OfficeOnline application |
| CVE-2021-41177 | 2021-10-25 | Rate-limits not working on instances without configured memory cache backend |
| CVE-2021-41178 | 2021-10-25 | File Traversal affecting SVG files on Nextcloud Server |
| CVE-2021-41179 | 2021-10-25 | Two-Factor Authentication not enforced for pages marked as public |
| CVE-2021-41145 | 2021-10-25 | FreeSWITCH susceptible to Denial of Service via SIP flooding |
| CVE-2021-41105 | 2021-10-25 | FreeSWITCH susceptible to Denial of Service via invalid SRTP packets |
| CVE-2021-40345 | 2021-10-26 | An issue was discovered in Nagios XI 5.8.5. In the... |
| CVE-2021-41182 | 2021-10-26 | XSS in the `altField` option of the Datepicker widget |
| CVE-2021-41183 | 2021-10-26 | XSS in `*Text` options of the Datepicker widget |
| CVE-2021-41184 | 2021-10-26 | XSS in the `of` option of the `.position()` util |
| CVE-2021-41304 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow... |
| CVE-2021-41305 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow... |
| CVE-2021-41306 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow... |
| CVE-2021-41307 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow... |
| CVE-2021-41308 | 2021-10-26 | Affected versions of Atlassian Jira Server and Data Center allow... |
| CVE-2021-20837 | 2021-10-26 | Movable Type 7 r.5002 and earlier (Movable Type 7 Series),... |
| CVE-2021-34583 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a heap-based buffer overflow (DoS) |
| CVE-2021-34584 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a buffer over-read (DoS) |
| CVE-2021-34585 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a pointer dereference with an invalid address (DoS) |
| CVE-2021-34586 | 2021-10-26 | CODESYS V2 web server: crafted requests could trigger a null pointer dereference (DoS) |
| CVE-2021-34593 | 2021-10-26 | CODESYS V2 runtime: unauthenticated invalid requests may result in denial-of-service |
| CVE-2021-34595 | 2021-10-26 | CODESYS V2 runtime: out-of-bounds read or write access may result in denial-of-service |
| CVE-2021-34596 | 2021-10-26 | CODESYS V2 runtime: Access of Uninitialized Pointer may result in denial-of-service |
| CVE-2020-5669 | 2021-10-26 | Cross-site scripting vulnerability in Movable Type Movable Type Premium 1.37... |
| CVE-2021-42343 | 2021-10-26 | An issue was discovered in the Dask distributed package before... |
| CVE-2021-40343 | 2021-10-26 | An issue was discovered in Nagios XI 5.8.5. Insecure file... |
| CVE-2021-40344 | 2021-10-26 | An issue was discovered in Nagios XI 5.8.5. In the... |
| CVE-2021-41873 | 2021-10-26 | Penguin Aurora TV Box 41502 is a high-end network HD... |
| CVE-2021-26607 | 2021-10-26 | TOBESOFT NEXACRO17 arbitrary command execution vulnerability |
| CVE-2021-41078 | 2021-10-26 | Nameko through 2.13.0 can be tricked into performing arbitrary code... |
| CVE-2021-26609 | 2021-10-26 | WordPress Mangboard SQL-Injection vulnerability |
| CVE-2011-2195 | 2021-10-26 | A flaw was found in WebSVN 2.3.2. Without prior authentication,... |
| CVE-2011-4119 | 2021-10-26 | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe... |
| CVE-2021-37371 | 2021-10-26 | Online Student Admission System 1.0 is affected by an unauthenticated... |
| CVE-2021-37372 | 2021-10-26 | Online Student Admission System 1.0 is affected by an insecure... |
| CVE-2021-37363 | 2021-10-26 | An Insecure Permissions issue exists in Gestionale Open 11.00.00. A... |
| CVE-2021-37364 | 2021-10-26 | OpenClinic GA 5.194.18 is affected by Insecure Permissions. By default... |
| CVE-2021-41157 | 2021-10-26 | FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default |
| CVE-2021-41158 | 2021-10-26 | FreeSWITCH vulnerable to SIP digest leak for configured gateways |
| CVE-2021-41172 | 2021-10-26 | Self-XSS in AS_Redis |
| CVE-2021-41173 | 2021-10-26 | DoS via maliciously crafted p2p message |
| CVE-2021-41175 | 2021-10-26 | Stored XSS in Client Groups Management (Authenticated) |
| CVE-2021-41185 | 2021-10-26 | Download file outside intended directory |
| CVE-2021-41188 | 2021-10-26 | Authenticated Stored XSS in Administration |
| CVE-2021-35499 | 2021-10-26 | TIBCO Nimbus Stored Cross-site Scripting (XSS) vulnerabilities |
| CVE-2019-3556 | 2021-10-26 | HHVM supports the use of an "admin" server which accepts... |
| CVE-2020-22864 | 2021-10-26 | A cross site scripting (XSS) vulnerability in the Insert Video... |
| CVE-2021-41866 | 2021-10-26 | MyBB before 1.8.28 allows stored XSS because the displayed Template... |
| CVE-2021-23877 | 2021-10-26 | McAfee Total Protection (MTP) - Privilege Escalation vulnerability |
| CVE-2021-37131 | 2021-10-27 | There is a CSV injection vulnerability in ManageOne, iManager NetEco... |
| CVE-2021-37124 | 2021-10-27 | There is a path traversal vulnerability in Huawei PC product.... |
| CVE-2021-37127 | 2021-10-27 | There is a signature management vulnerability in some huawei products.... |
| CVE-2021-37130 | 2021-10-27 | There is a path traversal vulnerability in Huawei FusionCube 6.0.2.The... |
| CVE-2021-37122 | 2021-10-27 | There is a use-after-free (UAF) vulnerability in Huawei products. An... |
| CVE-2021-37129 | 2021-10-27 | There is an out of bounds write vulnerability in some... |
| CVE-2020-7867 | 2021-10-27 | Helpu arbitrary file creation vulnerability |
| CVE-2021-26610 | 2021-10-27 | godomall5 remote code execution vulnerability |
| CVE-2021-38450 | 2021-10-27 | Trane Tracer Code Injection |
| CVE-2011-4124 | 2021-10-27 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which... |
| CVE-2011-4125 | 2021-10-27 | A untrusted search path issue was found in Calibre at... |
| CVE-2011-4126 | 2021-10-27 | Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing... |