CVE List - 2021 / October
Showing 801 - 900 of 1706 CVEs for October 2021 (Page 9 of 18)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-40988 | 2021-10-15 | A remote directory traversal vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 -... |
| CVE-2021-40990 | 2021-10-15 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to... |
| CVE-2021-40996 | 2021-10-15 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 -... |
| CVE-2021-41147 | 2021-10-15 | SQL injection in the planning edition panel |
| CVE-2021-40993 | 2021-10-15 | A remote SQL injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 -... |
| CVE-2021-40994 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1... |
| CVE-2021-40991 | 2021-10-15 | A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to... |
| CVE-2021-40995 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1... |
| CVE-2021-41148 | 2021-10-15 | The update of the CI job targeted by a widget is vulnerable to blind SQL injections |
| CVE-2021-40997 | 2021-10-15 | A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 -... |
| CVE-2021-40998 | 2021-10-15 | A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1... |
| CVE-2021-38432 | 2021-10-15 | FATEK Automation Communication Server |
| CVE-2021-39864 | 2021-10-15 | Adobe Commerce Cross-Site Request Forgery (CSRF) Could Lead To Unauthorized Cart Addition |
| CVE-2021-40729 | 2021-10-15 | Adobe Acrobat Reader DC PDF Out-of-Bound Read Vulnerability Information Disclosure |
| CVE-2021-40730 | 2021-10-15 | Adobe Acrobat Reader DC JPEG2000 Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2021-40720 | 2021-10-15 | Ops CLI Deserialization of Untrusted Data leads to Abritrary Code Execution |
| CVE-2021-40724 | 2021-10-15 | Adobe Acrobat Reader Android Abritrary Code Execution Vulnerability |
| CVE-2021-40728 | 2021-10-15 | Adobe Acrobat Reader DC Use After Free Arbitrary Code Execution |
| CVE-2021-40731 | 2021-10-15 | Adobe Acrobat Reader DC JPEG2000 Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2021-40721 | 2021-10-15 | Adobe Connect Reflected Cross Site Scripting |
| CVE-2021-41320 | 2021-10-15 | A technical user has hardcoded credentials in Wallstreet Suite TRM 7.4.83 (64-bit edition) with higher privilege than the average authenticated user. NOTE: the vendor disputes this because the password is... |
| CVE-2020-4951 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. |
| CVE-2021-29679 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizaing user-contrlled input that could be interpreted a a server-side include (SSI)... |
| CVE-2021-29745 | 2021-10-15 | IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to priviledge escalation where a lower evel user could have access to the 'New Job' page to which they should not have... |
| CVE-2021-27561 | 2021-10-15 | Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. |
| CVE-2018-16060 | 2021-10-15 | Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI. |
| CVE-2018-16061 | 2021-10-15 | Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php. |
| CVE-2021-22942 | 2021-10-18 | A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website. |
| CVE-2021-38297 | 2021-10-18 | Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. |
| CVE-2021-36097 | 2021-10-18 | Agents are able to lock the ticket without the "Owner" permission |
| CVE-2021-42566 | 2021-10-18 | myfactory.FMS before 7.1-912 allows XSS via the Error parameter. |
| CVE-2021-42565 | 2021-10-18 | myfactory.FMS before 7.1-912 allows XSS via the UID parameter. |
| CVE-2021-38562 | 2021-10-18 | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. |
| CVE-2021-41611 | 2021-10-18 | An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows... |
| CVE-2010-2496 | 2021-10-18 | stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations.... |
| CVE-2021-38430 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38426 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38442 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38440 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38434 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38438 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-38436 | 2021-10-18 | FATEK Automation WinProladder |
| CVE-2021-33023 | 2021-10-18 | Advantech WebAccess |
| CVE-2021-38389 | 2021-10-18 | Advantech WebAccess |
| CVE-2021-21796 | 2021-10-18 | An exploitable use-after-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause an object containing the path to a document to be destroyed... |
| CVE-2021-21797 | 2021-10-18 | An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two... |
| CVE-2021-22961 | 2021-10-18 | A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. |
| CVE-2020-8291 | 2021-10-18 | A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks. |
| CVE-2021-42098 | 2021-10-18 | An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell. |
| CVE-2021-41991 | 2021-10-18 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the cache and later trigger the replacement of... |
| CVE-2021-41990 | 2021-10-18 | The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed... |
| CVE-2021-24412 | 2021-10-18 | Html5 Audio Player < 2.1.3 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24413 | 2021-10-18 | Easy Twitter Feed < 1.2 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24415 | 2021-10-18 | Polo Video Gallery <= 1.2 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24416 | 2021-10-18 | StreamCast < 2.1.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24516 | 2021-10-18 | PlanSo Forms <= 2.6.3 - Authenticated Stored Cross-Site Scripting |
| CVE-2021-24595 | 2021-10-18 | WP Cookie Choice <= 1.1.0 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24612 | 2021-10-18 | Sociable <= 4.3.4.1 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24615 | 2021-10-18 | Wechat Reward <= 1.7 - CSRF to Stored Cross-Site Scripting |
| CVE-2021-24617 | 2021-10-18 | GamePress <= 1.1.0 - Reflected Cross-Site Scripting |
| CVE-2021-24622 | 2021-10-18 | WP Ticket < 5.10.4 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24642 | 2021-10-18 | Scroll Baner <= 1.0 - CSRF to RCE |
| CVE-2021-24672 | 2021-10-18 | One User Avatar < 2.3.7 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24675 | 2021-10-18 | One User Avatar < 2.3.7 - Avatar Update via CSRF |
| CVE-2021-24677 | 2021-10-18 | Find My Blocks < 3.4.0 - Private Post Titles Disclosure |
| CVE-2021-24684 | 2021-10-18 | PDF Light Viewer < 1.4.12 - Authenticated Command Injection |
| CVE-2021-24702 | 2021-10-18 | LearnPress < 4.1.3.1 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-24732 | 2021-10-18 | Dflip Lite < 1.7.10 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24734 | 2021-10-18 | Compact WP Audio Player < 1.9.7 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-24735 | 2021-10-18 | Compact WP Audio Player < 1.9.7 - Setting Change via CSRF |
| CVE-2021-24736 | 2021-10-18 | Shared Files < 1.6.57 - Admin+ Stored Cross-Site Scripting |
| CVE-2021-24740 | 2021-10-18 | Tutor LMS < 1.9.9 - Multiple Admin+ Stored Cross-Site Scripting |
| CVE-2021-24743 | 2021-10-18 | Podcast Subscribe Buttons < 1.4.2 - Contributor+ Stored XSS |
| CVE-2021-24752 | 2021-10-18 | Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change |
| CVE-2021-24754 | 2021-10-18 | MainWP Child Reports < 2.0.8 - Admin+ SQL Injection |
| CVE-2021-24760 | 2021-10-18 | Gutenberg PDF Viewer Block < 1.0.1 - Contributor+ Stored Cross-Site Scripting |
| CVE-2021-32609 | 2021-10-18 | XSS vulnerability on Explore page |
| CVE-2021-41971 | 2021-10-18 | Possible SQL Injection when template processing is enabled |
| CVE-2021-42576 | 2021-10-18 | The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. |
| CVE-2021-42575 | 2021-10-18 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. |
| CVE-2021-36513 | 2021-10-18 | An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, may allow attackers to view sensitive information due to an uninitialized value. |
| CVE-2021-42055 | 2021-10-18 | ASUSTek ZenBook Pro Due 15 UX582 laptop firmware through 203 has Insecure Permissions that allow attacks by a physically proximate attacker. |
| CVE-2021-29878 | 2021-10-18 | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the... |
| CVE-2021-23449 | 2021-10-18 | Sandbox Bypass |
| CVE-2021-41151 | 2021-10-18 | Path Traversal in @backstage/plugin-scaffolder-backend |
| CVE-2021-42650 | 2021-10-18 | Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. |
| CVE-2021-41152 | 2021-10-18 | Path Traversal in Folder Component Leading to Local File Inclusion |
| CVE-2021-41153 | 2021-10-18 | Specification non-compliance in JUMPI |
| CVE-2021-41156 | 2021-10-18 | Reflected XSS vulnerability |
| CVE-2021-41155 | 2021-10-18 | SQL injection in CVS revisions browser |
| CVE-2021-41154 | 2021-10-18 | SQL injection in the "SVN core" commits browser |
| CVE-2021-37136 | 2021-10-19 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The... |
| CVE-2021-37137 | 2021-10-19 | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk... |
| CVE-2021-20836 | 2021-10-19 | Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening a specially crafted SCS project files. |
| CVE-2021-25968 | 2021-10-19 | OpenCMS - Stored Cross-Site Scripting (XSS) in Sitemap |
| CVE-2021-42261 | 2021-10-19 | Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are... |
| CVE-2021-36512 | 2021-10-19 | An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value. |
| CVE-2021-38474 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38470 | 2021-10-19 | InHand Networks IR615 Router |
| CVE-2021-38468 | 2021-10-19 | InHand Networks IR615 Router |