Security Vulnerabilities Published In October 2021 (CVSS score >= 7)

Each entry below is one row of the source table: # | CVE ID | CWE ID | vulnerability type(s) | publish date, update date | CVSS score | access vector, access complexity, authentication | Conf./Integ./Avail. impact. The "# of Exploits" column is empty and the "Gained Access Level" column is "None" for every entry on this page; "???" in the authentication column is left as it appears in the source.
1. CVE-2021-43057 | CWE-416 | Mem. Corr. | published 2021-10-28, updated 2021-11-29 | CVSS 7.2 | Local, Low, Not required | C:Complete I:Complete A:Complete
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
2. CVE-2021-42840 | CWE-434 | Exec Code | published 2021-10-22, updated 2021-11-30 | CVSS 9.0 | Remote, Low, ??? | C:Complete I:Complete A:Complete
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
3. CVE-2021-42771 | CWE-22 | Exec Code Dir. Trav. | published 2021-10-20, updated 2021-12-14 | CVSS 7.2 | Local, Low, Not required | C:Complete I:Complete A:Complete
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
4. CVE-2021-42740 | CWE-77 | type n/a | published 2021-10-21, updated 2021-10-28 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is [A-z] instead of the correct [A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.
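The regex defect in shell-quote, worked through in Python as an added example (this is not shell-quote's code): the escaping rule below follows the advisory's description, a metacharacter preceded by an optional `letter:` drive prefix that is passed through unescaped, and the metacharacter set is an assumption for the illustration.

```python
import re

# Shell metacharacters escaped with a backslash. This set is an assumption
# for the illustration; the real package's list may differ.
META = r'[#!"$&\'()*,:;<=>?@\[\\\]^`{|}]'

# Vulnerable form: [A-z] is the ASCII range 0x41..0x7A, which also contains
# the six characters between 'Z' and 'a' ([ \ ] ^ _ `), so "`:" is treated
# as a Windows drive prefix and the backtick is left unescaped.
VULNERABLE_RULE = re.compile(r'([A-z]:)?(' + META + r')')
# Fixed form (shell-quote 1.7.3): only a real letter may precede the colon.
FIXED_RULE = re.compile(r'([A-Za-z]:)?(' + META + r')')


def chars_between_Z_and_a():
    """The characters [A-z] accepts that [A-Za-z] does not."""
    return ''.join(chr(c) for c in range(ord('Z') + 1, ord('a')))


def escape_token(token, rule):
    """Backslash-escape metacharacters, keeping an optional 'X:' prefix verbatim."""
    return rule.sub(lambda m: (m.group(1) or '') + '\\' + m.group(2), token)


def has_unescaped_backtick(quoted):
    """True if a backtick not preceded by a backslash survives quoting."""
    return re.search(r'(?<!\\)`', quoted) is not None


if __name__ == '__main__':
    attacker_token = '`:;'   # constructed input: backtick, colon, metacharacter
    for name, rule in (('vulnerable', VULNERABLE_RULE), ('fixed', FIXED_RULE)):
        out = escape_token(attacker_token, rule)
        print(f'{name:10s} {out!r:14s} unescaped backtick: {has_unescaped_backtick(out)}')
```

The point to take away is that a range in a character class is a byte range, not an alphabet: `[A-z]` silently admits `[`, `\`, `]`, `^`, `_` and the backtick. The check `has_unescaped_backtick` is the kind of property test that would have caught this in the package's own test suite.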
5. CVE-2021-42576 | CWE-20 | type n/a | published 2021-10-18, updated 2021-10-26 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
6. CVE-2021-42575 | CWE-20 | type n/a | published 2021-10-18, updated 2021-10-22 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
7. CVE-2021-42342 | CWE-434 | type n/a | published 2021-10-14, updated 2021-10-20 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
8. CVE-2021-42325 | CWE-89 | Sql | published 2021-10-12, updated 2021-11-26 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
9. CVE-2021-42224 | CWE-89 | Sql | published 2021-10-13, updated 2021-10-19 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
10. CVE-2021-42169 | CWE-89 | Sql Bypass | published 2021-10-22, updated 2021-12-03 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by oretnom23) is vulnerable to a remote SQL injection that bypasses authentication for the admin account. The username parameter of the login form is not protected correctly: the value reaches the query without escaping or parameterization.
11. CVE-2021-42109 | CWE-269 | type n/a | published 2021-10-08, updated 2021-10-19 | CVSS 10.0 | Remote, Low, Not required | C:Complete I:Complete A:Complete
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
12. CVE-2021-42097 | CWE-352 | +Priv CSRF | published 2021-10-21, updated 2021-11-05 | CVSS 8.5 | Remote, Medium, ??? | C:Complete I:Complete A:Complete
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover).
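An added Python example of the fix pattern for this class of CSRF weakness (not Mailman's code): bind the token to the user account and session with a keyed MAC so that a token harvested in one account is rejected in another. The key handling, separator and lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Per-deployment secret; rotating it invalidates all outstanding tokens.
SERVER_KEY = secrets.token_bytes(32)


def shared_csrf_token(key=SERVER_KEY):
    """The vulnerable pattern: one token for everyone. Any logged-in user can read it."""
    return hmac.new(key, b"csrf", hashlib.sha256).hexdigest()


def shared_csrf_check(token, key=SERVER_KEY):
    return hmac.compare_digest(token, shared_csrf_token(key))


def make_csrf_token(user_id, session_id, key=SERVER_KEY, now=None):
    """Token bound to (user, session, issue time); only this user's session can spend it."""
    issued = int(time.time() if now is None else now)
    msg = f"{user_id}\x00{session_id}\x00{issued}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{issued}.{mac}"


def check_csrf_token(token, user_id, session_id, key=SERVER_KEY, max_age=3600, now=None):
    """Recompute the MAC for the *current* principal and compare in constant time."""
    try:
        issued_str, mac = token.split(".", 1)
        issued = int(issued_str)
    except ValueError:
        return False
    current = int(time.time() if now is None else now)
    if current - issued > max_age or issued > current + 60:
        return False  # expired, or clock skew beyond tolerance
    msg = f"{user_id}\x00{session_id}\x00{issued}".encode()
    expected = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def replay_scenario():
    """Attacker harvests a token as a low-privileged user and replays it as admin."""
    harvested = make_csrf_token("mallory", "sess-m", now=1000)
    return {
        "shared token accepted for admin": shared_csrf_check(shared_csrf_token()),
        "bound token accepted for mallory": check_csrf_token(harvested, "mallory", "sess-m", now=1500),
        "bound token accepted for admin": check_csrf_token(harvested, "admin", "sess-a", now=1500),
        "bound token accepted after expiry": check_csrf_token(harvested, "mallory", "sess-m", now=1000 + 3601),
    }
```

The server never stores the token: it recomputes the MAC from the identity of whoever is making the request, so a value obtained as `mallory` is simply a wrong MAC for `admin`.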
13. CVE-2021-42094 | CWE-77 | type n/a | published 2021-10-07, updated 2021-10-14 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
14. CVE-2021-42090 | CWE-502 | Exec Code | published 2021-10-07, updated 2021-10-14 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
15. CVE-2021-42071 | CWE-78 | Exec Code | published 2021-10-07, updated 2021-10-15 | CVSS 10.0 | Remote, Low, Not required | C:Complete I:Complete A:Complete
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header.
16. CVE-2021-42013 | CWE-22 | Exec Code Dir. Trav. | published 2021-10-07, updated 2021-11-30 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. If files outside of these directories are not protected by the usual default configuration "require all denied", these requests can succeed. If CGI scripts are also enabled for these aliased paths, this could allow for remote code execution. This issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.
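A log check for the traversal class above, as an added example that is not part of Apache or of this page: fully percent-decode each request path and flag those that climb above the document root after normalisation. The access-log lines are constructed, and the encodings they use are generic traversal encodings rather than a claim about the exact bypass in 2.4.50.

```python
import re
from urllib.parse import unquote

# Apache "combined" log format; only the fields the check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample lines for the illustration.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Oct/2021:10:00:01 +0000] "GET /icons/apache_pb.png HTTP/1.1" 200 2326
203.0.113.9 - - [07/Oct/2021:10:00:02 +0000] "GET /cgi-bin/../../../../etc/passwd HTTP/1.1" 403 199
203.0.113.9 - - [07/Oct/2021:10:00:03 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1205
203.0.113.9 - - [07/Oct/2021:10:00:04 +0000] "GET /cgi-bin/%252e%252e/%252e%252e/bin/sh HTTP/1.1" 200 0
198.51.100.7 - - [07/Oct/2021:10:00:05 +0000] "GET /docs/../index.html HTTP/1.1" 200 512
"""


def fully_decode(path, max_rounds=4):
    """Percent-decode until stable so %252e (double-encoded '.') is seen as '.'."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def escapes_root(request_path):
    """True if the decoded path ever rises above the document root."""
    depth = 0
    for segment in fully_decode(request_path.split('?', 1)[0]).split('/'):
        if segment == '..':
            depth -= 1
            if depth < 0:
                return True
        elif segment not in ('', '.'):
            depth += 1
    return False


def find_traversal_attempts(log_text):
    """Return (ip, status, raw path) for each request whose decoded path escapes the root."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and escapes_root(m['path']):
            hits.append((m['ip'], int(m['status']), m['path']))
    return hits
```

A 403 on a traversal attempt tells you the default `require all denied` held; a 200 on the same shape of request is the line to investigate. Decoding to a fixed point matters because a single `unquote` leaves `%252e` as `%2e`, which a naive `..` match never sees.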
17. CVE-2021-41868 | CWE n/a | type n/a | published 2021-10-04, updated 2021-10-12 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to upload files on a non-public node when using the --receive functionality.
18. CVE-2021-41862 | CWE-74 | Exec Code | published 2021-10-02, updated 2021-10-13 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
AviatorScript through 5.2.7 allows code execution via an expression that is encoded with Byte Code Engineering Library (BCEL).
19. CVE-2021-41745 | CWE-434 | type n/a | published 2021-10-22, updated 2021-10-27 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
ShowDoc 2.8.3 has a file upload vulnerability, where attackers can use the vulnerability to obtain server permissions.
20. CVE-2021-41744 | CWE-77 | type n/a | published 2021-10-22, updated 2021-10-28 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
All versions of Yonyou (UFIDA) PLM are affected by a command injection issue. UFIDA PLM (Product Life Cycle Management) is a strategic management method that applies a series of enterprise application systems to support the entire process from conceptual design to the end of product life, and the collaborative creation, distribution, application and management of product information across organizations. Yonyou PLM uses JBoss by default, and the management console can be reached without authorization. An attacker can use this vulnerability to gain server permissions.
21. CVE-2021-41676 | CWE-89 | Sql | published 2021-10-29, updated 2021-11-26 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
An SQL injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php.
22. CVE-2021-41674 | CWE-89 | Sql | published 2021-10-29, updated 2021-11-26 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
An SQL Injection vulnerability exists in Sourcecodester E-Negosyo System 1.0 via the user_email parameter in /admin/login.php.
23. CVE-2021-41649 | CWE-89 | Sql | published 2021-10-01, updated 2021-11-05 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
An unauthenticated SQL injection exists in PuneethReddyHC online-shopping-system-advanced via the cat_id parameter of /homeaction.php; the value sent in the POST request is not sanitized.
24. CVE-2021-41646 | CWE-434 | Exec Code Bypass | published 2021-10-29, updated 2021-12-16 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters.
25. CVE-2021-41644 | CWE-434 | Bypass | published 2021-10-29, updated 2021-11-02 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.
26. CVE-2021-41643 | CWE-434 | Exec Code | published 2021-10-29, updated 2021-11-02 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.
27. CVE-2021-41619 | CWE-94 | Exec Code | published 2021-10-27, updated 2021-11-03 | CVSS 9.0 | Remote, Low, ??? | C:Complete I:Complete A:Complete
An issue was discovered in Gradle Enterprise before 2021.1.2. There is potential remote code execution via the application startup configuration. The installation configuration user interface (available to administrators) allows specifying arbitrary Java Virtual Machine startup options. Some of these options, such as -XX:OnOutOfMemoryError, allow specifying a command to be run on the host. This can be abused to run arbitrary commands on the host, should an attacker gain administrative access to the application.
28. CVE-2021-41593 | CWE-863 | type n/a | published 2021-10-04, updated 2021-10-14 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Lightning Labs lnd before 0.13.3-beta allows loss of funds because of dust HTLC exposure.
29. CVE-2021-41592 | CWE-863 | type n/a | published 2021-10-04, updated 2021-10-20 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
30. CVE-2021-41591 | CWE-863 | type n/a | published 2021-10-04, updated 2021-10-20 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
31. CVE-2021-41589 | CWE-732 | Exec Code | published 2021-10-27, updated 2021-11-03 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is potential cache poisoning and remote code execution when running the build cache node with its default configuration. This configuration allows anonymous access to the configuration user interface and anonymous write access to the build cache. If access control to the build cache is not changed from the default open configuration, a malicious actor with network access can populate the cache with manipulated entries that may execute malicious code as part of a build process. This applies to the build cache provided with Gradle Enterprise and the separate build cache node service if used. If access control to the user interface is not changed from the default open configuration, a malicious actor can undo build cache access control in order to populate the cache with manipulated entries that may execute malicious code as part of a build process. This does not apply to the build cache provided with Gradle Enterprise, but does apply to the separate build cache node service if used.
32. CVE-2021-41566 | CWE-434 | Exec Code | published 2021-10-08, updated 2021-10-15 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The file upload function of TadTools fails to filter file extensions, so remote attackers can upload files of any type and execute arbitrary code without logging in.
33. CVE-2021-41553 | CWE-384 | type n/a | published 2021-10-05, updated 2021-10-09 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
** UNSUPPORTED WHEN ASSIGNED ** In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the web application in /archibus/login.axvw assigns a session token that could already be in use by another user. It was therefore possible to access the application as a user whose credentials were not known, without any attempt by the testers to modify the application logic. It is also possible to set the value of the session token client-side, simply by making an unauthenticated GET request to the home page and supplying an arbitrary value in the JSESSIONID field. Following the login, the application does not assign a new token; it keeps the inserted one as the identifier of the entire session. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020.
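The session-fixation pattern from this entry, modelled in Python as an added example (not ARCHIBUS code): the vulnerable server adopts a client-supplied JSESSIONID and keeps it across login; the fixed one recognises only ids it issued and rotates the id at login. Store layout and function names are assumptions.

```python
import secrets


class SessionStore:
    """Minimal server-side session table keyed by the session id (the JSESSIONID value)."""

    def __init__(self):
        self.sessions = {}  # sid -> {"user": str | None}

    def new_session(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        return self.sessions.get(sid, {}).get("user")


def visit_vulnerable(store, presented_sid):
    """Vulnerable: adopt whatever id the client presents, even one the server never issued."""
    if presented_sid is None:
        return store.new_session()
    store.sessions.setdefault(presented_sid, {"user": None})
    return presented_sid


def login_vulnerable(store, sid, user):
    """Vulnerable: authenticate the existing session in place, keeping the same id."""
    store.sessions[sid]["user"] = user
    return sid


def visit_fixed(store, presented_sid):
    """Fixed: only server-issued ids are recognised; unknown ones are replaced."""
    if presented_sid in store.sessions:
        return presented_sid
    return store.new_session()


def login_fixed(store, sid, user):
    """Fixed: rotate the id at the privilege change so a pre-set id never becomes authenticated."""
    store.sessions.pop(sid, None)
    fresh = store.new_session()
    store.sessions[fresh]["user"] = user
    return fresh


def fixation_attack(visit, login):
    """Attacker plants a known id on the victim's browser, victim logs in, attacker reuses the id."""
    store = SessionStore()
    planted = "ATTACKER-CHOSEN-ID"          # constructed value the attacker sends to the victim
    victim_sid = visit(store, planted)      # victim's browser presents the planted id
    login(store, victim_sid, "victim")      # victim authenticates
    return store.user_for(planted)          # what the attacker gets by presenting the planted id
```

Both halves of the fix are needed: refusing unknown ids stops the attacker choosing the value, and rotating at login stops an id that was legitimately issued before authentication from carrying the authenticated state.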
34. CVE-2021-41546 | CWE-400 | type n/a | published 2021-10-12, updated 2021-10-19 | CVSS 7.8 | Remote, Low, Not required | C:None I:None A:Complete
A vulnerability has been identified in RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 and RX5000 (all versions < V2.14.1). Affected devices write crashdumps without checking whether enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
35. CVE-2021-41511 | CWE-89 | Sql Bypass | published 2021-10-04, updated 2021-11-30 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The username and password fields of the login form in Lodging Reservation Management System V1 allow SQL injection that bypasses authentication and grants access as any user.
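One added Python example for the login-form SQL injections in rows 9, 10, 21, 22, 23 and 35 (and the same bug class in rows 8 and 49), not code from any of those projects: the concatenated query that the descriptions point at, the authentication bypass it allows, and the parameterised replacement. The table schema and credentials are constructed.

```python
import hashlib
import sqlite3


def _hash(password):
    # Plain SHA-256 is for illustration only; use a slow password hash in real code.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory stand-in for the apps' user tables (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', ?, 'admin')", (_hash("correct horse"),))
    conn.execute("INSERT INTO users VALUES (2, 'alice', ?, 'user')", (_hash("alice-pass"),))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The pattern in the listed apps: user input concatenated into the query text."""
    sql = ("SELECT username, role FROM users WHERE username = '" + username
           + "' AND pw_hash = '" + _hash(password) + "'")
    return conn.execute(sql).fetchone()


def login_fixed(conn, username, password):
    """Parameterised query: the username is data, never SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password)),
    ).fetchone()


def demo():
    conn = make_db()
    payload = "admin' -- "  # closes the string literal and comments out the password check
    return {
        "vulnerable, injected": login_vulnerable(conn, payload, "wrong"),
        "fixed, injected": login_fixed(conn, payload, "wrong"),
        "fixed, real password": login_fixed(conn, "admin", "correct horse"),
    }
```

With the payload the vulnerable query becomes `... WHERE username = 'admin' -- ' AND pw_hash = '...'`, so the password clause is never evaluated. Hashing the password before concatenation does not help; the username field alone is enough.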
36. CVE-2021-41345 | CWE-269 | type n/a | published 2021-10-13, updated 2021-10-19 | CVSS 7.2 | Local, Low, Not required | C:Complete I:Complete A:Complete
Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489.
37. CVE-2021-41335 | CWE-269 | type n/a | published 2021-10-13, updated 2021-10-19 | CVSS 7.2 | Local, Low, Not required | C:Complete I:Complete A:Complete
Windows Kernel Elevation of Privilege Vulnerability
38. CVE-2021-41285 | CWE-269 | type n/a | published 2021-10-04, updated 2021-10-13 | CVSS 7.2 | Local, Low, Not required | C:Complete I:Complete A:Complete
Ballistix MOD Utility through 2.0.2.5 is vulnerable to privilege escalation in the MODAPI.sys driver component. The vulnerability is triggered by sending a specific IOCTL request that allows low-privileged users to directly interact with physical memory via the MmMapIoSpace function call (mapping physical memory into a virtual address space). Attackers could exploit this issue to achieve local privilege escalation to NT AUTHORITY\SYSTEM.
39. CVE-2021-41189 | CWE-863 | type n/a | published 2021-10-29, updated 2021-11-03 | CVSS 9.0 | Remote, Low, ??? | C:Complete I:Complete A:Complete
DSpace is an open source turnkey repository application. In version 7.0, any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only exists in 7.0 and does not impact 6.x or below. This issue is patched in version 7.1. As a workaround, users of 7.0 may temporarily disable the ability for community or collection administrators to manage permissions or workflows settings.
40. CVE-2021-41163 | CWE-74 | Exec Code | published 2021-10-20, updated 2021-10-26 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribe_url values. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. To work around the issue without updating, requests whose path starts with /webhooks/aws can be blocked at an upstream proxy.
41. CVE-2021-41153 | CWE-670 | type n/a | published 2021-10-18, updated 2021-10-22 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. This is a **high** severity security advisory if you use `evm` crate for Ethereum mainnet. In this case, you should update your library dependency immediately to on or after `0.31.0`. This is a **low** severity security advisory if you use `evm` crate in Frontier or in a standalone blockchain, because there's no security exploit possible with this advisory. It is **not** recommended to update to on or after `0.31.0` until all the normal chain upgrade preparations have been done. If you use Frontier or other `pallet-evm` based Substrate blockchain, please ensure to update your `spec_version` before updating this. For other blockchains, please make sure to follow a hard-fork process before you update this.
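The JUMPI ordering difference, shown in Python as an added example (not the `evm` crate's code): a minimal JUMPDEST analysis and the two check orders, with the case that makes them disagree, a not-taken jump to an invalid destination. Opcode constants are the standard EVM values; everything else is an assumption for the illustration.

```python
PUSH1, PUSH32, JUMPI, STOP, JUMPDEST = 0x60, 0x7F, 0x57, 0x00, 0x5B


class InvalidJump(Exception):
    pass


def valid_jumpdests(code):
    """JUMPDEST offsets, skipping bytes that are PUSHn immediates (EVM rule)."""
    dests, pc = set(), 0
    while pc < len(code):
        op = code[pc]
        if op == JUMPDEST:
            dests.add(pc)
        if PUSH1 <= op <= PUSH32:
            pc += op - PUSH1 + 1  # skip the immediate data
        pc += 1
    return dests


def jumpi(pc, stack, dests, condition_first):
    """Execute JUMPI. Stack top is the destination, next is the condition.
    condition_first=True is the Geth/OpenEthereum order; False is evm < 0.31.0."""
    dest, cond = stack.pop(), stack.pop()
    if condition_first:
        if cond == 0:
            return pc + 1          # not taken: the destination is never inspected
        if dest not in dests:
            raise InvalidJump(dest)
        return dest
    if dest not in dests:           # buggy order: validate even when the jump is not taken
        raise InvalidJump(dest)
    return pc + 1 if cond == 0 else dest


def run_jumpi_case(dest, cond, condition_first):
    """Next pc after the JUMPI at offset 4, or 'revert' if the implementation raised."""
    # Constructed bytecode: PUSH1 cond, PUSH1 dest, JUMPI, STOP, JUMPDEST
    code = bytes([PUSH1, cond, PUSH1, dest, JUMPI, STOP, JUMPDEST])
    dests = valid_jumpdests(code)
    stack = [cond, dest]
    try:
        return jumpi(4, stack, dests, condition_first)
    except InvalidJump:
        return "revert"
```

Offset 6 is the only valid JUMPDEST in the constructed code; offset 5 is a STOP. For `dest=5, cond=0` the reference order falls through to offset 5 while the pre-0.31.0 order reverts, which is exactly a consensus split between the two implementations on the same transaction. The advisory's warning about hard-forking before upgrading follows from that: changing the order changes which transactions are valid.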
42. CVE-2021-41149 | CWE-22 | Dir. Trav. | published 2021-10-19, updated 2021-10-25 | CVSS 8.5 | Remote, Low, ??? | C:None I:Complete A:Complete
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached or saved, files could be overwritten with arbitrary content anywhere on the system. A fix is available in version 0.12.0. No workarounds to this issue are known.
43. CVE-2021-41131 | CWE-22 | Dir. Trav. | published 2021-10-19, updated 2021-10-22 | CVSS 8.8 | Remote, Medium, Not required | C:None I:Complete A:Complete
python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (i.e. `../../name.json`). The impact is mitigated by a few facts: it only affects implementations that allow arbitrary rolename selection for delegated targets metadata; the attack requires the ability to (A) insert new metadata for the path-traversing role and (B) get the role delegated by an existing targets metadata; and the written file content is heavily restricted, since it needs to be a valid, signed targets file, and the file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf.
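A single added Python example for the three name-to-filename bugs on this page (Babel locale identifiers in row 3, tough target names in row 42, python-tuf rolenames in row 43), not code from any of those projects: an allowlist on the identifier plus a realpath containment check on the final path. The base directory, the allowed character set and the `.json` suffix are assumptions.

```python
import os
import re

# Conservative allowlist for identifiers that become file names: an alphanumeric
# first character, then alphanumerics, underscore, dot or hyphen. No separators,
# no leading dot, so '.', '..' and 'a/b' can never match. This is an assumption
# for the example, not any of the three projects' actual rules.
SAFE_NAME = re.compile(r'[A-Za-z0-9][A-Za-z0-9_.-]*')


def name_is_safe(name):
    return SAFE_NAME.fullmatch(name) is not None


def safe_join(base_dir, untrusted_name, suffix=''):
    """Build base_dir/<name><suffix> and prove the result stays inside base_dir.

    Two independent checks: the allowlist on the name, and a realpath
    containment test on the final path (catches anything the regex missed,
    including symlinks already present under base_dir)."""
    if not name_is_safe(untrusted_name):
        raise ValueError(f'unsafe name: {untrusted_name!r}')
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, untrusted_name + suffix))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f'path escapes {base}: {candidate}')
    return candidate


def classify(base_dir, names, suffix=''):
    """Return {name: resulting path, or 'rejected'} for a batch of candidate names."""
    out = {}
    for n in names:
        try:
            out[n] = safe_join(base_dir, n, suffix)
        except ValueError:
            out[n] = 'rejected'
    return out
```

The regex does the work for the rolename and locale cases (`../../name` never reaches the filesystem), and the `commonpath` check is the backstop for a name that is lexically clean but resolves elsewhere through a symlink. For the Babel case the containment check matters twice over, since the `.dat` files are unpickled after loading.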
44. CVE-2021-41116 | CWE-77 | type n/a | published 2021-10-05, updated 2021-10-09 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install untrusted dependencies are subject to command injection and should upgrade their composer version. Other OSs and WSL are not affected. The issue has been resolved in composer versions 1.10.23 and 2.1.9. There are no workarounds for this issue.
45. CVE-2021-41110 | CWE-502 | type n/a | published 2021-10-01, updated 2021-10-08 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de (dated 2021-09-30) contains a patch. There are no available workarounds aside from installing the patch. The SnakeYaml constructor, by default, allows any data to be parsed. To fix the issue the object needs to be created with a `SafeConstructor` object, as seen in the patch.
46. CVE-2021-41103 | CWE-22 | Dir. Trav. | published 2021-10-04, updated 2021-11-28 | CVSS 7.2 | Local, Low, Not required | C:Complete I:Complete A:Complete
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users and update directory permissions on container bundle directories.
47. CVE-2021-41100 | CWE-613 | type n/a | published 2021-10-04, updated 2021-10-12 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Wire-server is the backing server for the open source Wire secure messaging application. In affected versions it is possible to trigger an email address change for a user with only the short-lived session token in the `Authorization` header. As the short-lived token is only meant as a means of authentication by the client for less critical requests to the backend, the ability to change the email address with a short-lived token constitutes a privilege escalation attack. Since the attacker can change the password after setting the email address to one that they control, changing the email address can result in an account takeover by the attacker. Short-lived tokens can be requested from the backend by Wire clients using the long-lived tokens, after which the long-lived tokens can be stored securely, for example in the device's keychain. The short-lived tokens can then be used to authenticate the client towards the backend for frequently performed actions such as sending and receiving messages. While short-lived tokens should not be available to an attacker per se, they are used more often and in the shape of an HTTP header, increasing the risk of exposure to an attacker relative to the long-lived tokens, which are stored and transmitted in cookies. If you are running an on-prem instance and provision all users with SCIM, you are not affected by this issue (changing email is blocked for SCIM users). SAML single-sign-on is unaffected by this issue, and behaves identically before and after this update. The reason is that the email address used as SAML NameID is stored in a different location in the database from the one used to contact the user outside Wire. Version 2021-08-16 and later provide a new endpoint that requires both the long-lived client cookie and the `Authorization` header. The old endpoint has been removed.
If you are running an on-prem instance with at least some of the users invited or provisioned via SAML SSO and you cannot update, then you can block `/self/email` on nginz (or in any other proxies or firewalls you may have set up). You don't need to discriminate by verb: `/self/email` only accepts `PUT` and `DELETE`, and `DELETE` is almost never used.
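The dual-credential check described here, as an added Python example (not wire-server code): the old endpoint accepts the short-lived header token alone, the new one requires a valid long-lived cookie and a short-lived token for the same user. Token formats, lifetimes and the in-memory store are assumptions.

```python
import secrets

# Constructed credential store for the example: token -> (user, kind, expiry).
_TOKENS = {}


def issue_long_lived_cookie(user, now, ttl=30 * 24 * 3600):
    tok = "zuid=" + secrets.token_urlsafe(24)
    _TOKENS[tok] = (user, "cookie", now + ttl)
    return tok


def issue_short_lived_token(user, now, ttl=15 * 60):
    tok = secrets.token_urlsafe(24)
    _TOKENS[tok] = (user, "bearer", now + ttl)
    return tok


def _principal(token, kind, now):
    """User behind a token of the expected kind, or None if unknown, wrong kind or expired."""
    entry = _TOKENS.get(token)
    if not entry or entry[1] != kind or entry[2] <= now:
        return None
    return entry[0]


def _bearer(headers):
    auth = headers.get("Authorization", "")
    return auth[len("Bearer "):] if auth.startswith("Bearer ") else ""


def change_email_old(headers, new_email, now):
    """Old endpoint: the short-lived Authorization header alone is enough."""
    user = _principal(_bearer(headers), "bearer", now)
    if user is None:
        return 401, None
    return 200, (user, new_email)


def change_email_new(headers, new_email, now):
    """New endpoint: long-lived cookie AND short-lived header, both valid, same user."""
    via_header = _principal(_bearer(headers), "bearer", now)
    via_cookie = _principal(headers.get("Cookie", ""), "cookie", now)
    if via_header is None or via_cookie is None or via_header != via_cookie:
        return 401, None
    return 200, (via_header, new_email)


def leaked_header_scenario():
    """Attacker holds only a captured short-lived token; the real client holds both."""
    now = 1_700_000_000
    cookie = issue_long_lived_cookie("alice", now)
    bearer = issue_short_lived_token("alice", now)
    leaked = {"Authorization": "Bearer " + bearer}                  # what an attacker captured
    full = {"Authorization": "Bearer " + bearer, "Cookie": cookie}   # legitimate client
    return {
        "old endpoint, leaked header": change_email_old(leaked, "attacker@example.org", now)[0],
        "new endpoint, leaked header": change_email_new(leaked, "attacker@example.org", now)[0],
        "new endpoint, full client": change_email_new(full, "alice@example.org", now)[0],
        "new endpoint, expired header": change_email_new(full, "alice@example.org", now + 3600)[0],
    }
```

The same-user comparison is the part that is easy to forget: requiring "some valid cookie" plus "some valid bearer" would still let an attacker pair a leaked bearer with their own cookie.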
48. CVE-2021-41093 | CWE-285 | type n/a | published 2021-10-04, updated 2021-10-12 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
Wire is an open source secure messenger. In affected versions, if an attacker gets an old but valid access token they can take over an account by changing the email. This issue has been resolved in version 3.86, which uses a new endpoint that additionally requires an authentication cookie. See the wire-ios-sync-engine and wire-ios-transport references. This is the root advisory that pulls the changes together.
49. CVE-2021-41075 | CWE-89 | Sql | published 2021-10-13, updated 2021-10-19 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
The NetFlow Analyzer in Zoho ManageEngine OpManager before 125455 is vulnerable to SQL Injection in the Attacks Module API.
50. CVE-2021-41035 | CWE n/a | type n/a | published 2021-10-25, updated 2021-10-28 | CVSS 7.5 | Remote, Low, Not required | C:Partial I:Partial A:Partial
In Eclipse OpenJ9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.
Total number of vulnerabilities: 307 (page 1 of 7)