CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
651 CVE-2021-37199 787 2021-10-12 2021-10-19
7.8
None Remote Low Not required None None Complete
A vulnerability has been identified in SINUMERIK 808D (All versions), SINUMERIK 828D (All versions < V4.95). Affected devices do not correctly process certain specially crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial-of-service in the device.
652 CVE-2021-37137 400 2021-10-19 2021-12-03
5.0
None Remote Low Not required None None Partial
The Snappy frame decoder function doesn't restrict the chunk length, which may lead to excessive memory usage. Besides this, it may also buffer reserved skippable chunks until the whole chunk has been received, which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
653 CVE-2021-37136 400 2021-10-19 2021-12-03
5.0
None Remote Low Not required None None Partial
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack.
654 CVE-2021-37131 1236 2021-10-27 2021-10-29
6.0
None Remote Medium ??? Partial Partial Partial
There is a CSV injection vulnerability in ManageOne, iManager NetEco and iManager NetEco 6000. An attacker with high privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device.
655 CVE-2021-37130 22 Dir. Trav. 2021-10-27 2021-10-28
5.0
None Remote Low Not required Partial None None
There is a path traversal vulnerability in Huawei FusionCube 6.0.2. The vulnerability arises because the software uses external input to construct a pathname that is intended to identify a directory located underneath a restricted parent directory, but the software does not properly validate the pathname. Successful exploit could allow the attacker to access a location that is outside of the restricted directory by a crafted filename.
656 CVE-2021-37129 787 DoS 2021-10-27 2021-10-28
5.0
None Remote Low Not required None None Partial
There is an out of bounds write vulnerability in some Huawei products. The vulnerability is caused by a function of a module that does not properly verify input parameter. Successful exploit could cause out of bounds write leading to a denial of service condition. Affected product versions include: IPS Module V500R005C00,V500R005C20; NGFW Module V500R005C00; NIP6600 V500R005C00,V500R005C20; S12700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600,V200R013C00SPC500,V200R019C00SPC200,V200R019C00SPC500,V200R019C10SPC200,V200R020C00,V200R020C10; S1700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600; S2700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600; S5700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600,V200R019C00SPC500; S6700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600; S7700 V200R010C00SPC600,V200R010C00SPC700,V200R011C10SPC500,V200R011C10SPC600; S9700 V200R010C00SPC600,V200R011C10SPC500,V200R011C10SPC600; USG9500 V500R005C00,V500R005C20.
657 CVE-2021-37127 347 Bypass 2021-10-27 2021-10-28
9.0
None Remote Low ??? Complete Complete Complete
There is a signature management vulnerability in some Huawei products. An attacker can forge a signature and bypass the signature check. During the firmware update process, successful exploitation of this vulnerability can cause the forged system file to overwrite the correct system file. Affected product versions include: iManager NetEco V600R010C00CP2001,V600R010C00CP2002,V600R010C00SPC100,V600R010C00SPC110,V600R010C00SPC120,V600R010C00SPC200,V600R010C00SPC210,V600R010C00SPC300; iManager NetEco 6000 V600R009C00SPC100,V600R009C00SPC110,V600R009C00SPC120,V600R009C00SPC190,V600R009C00SPC200,V600R009C00SPC201,V600R009C00SPC202,V600R009C00SPC210.
658 CVE-2021-37124 22 Dir. Trav. 2021-10-27 2021-10-28
3.3
None Local Network Low Not required None Partial None
There is a path traversal vulnerability in Huawei PC product. Because the product does not filter paths with special characters, attackers can construct a file path with special characters to exploit this vulnerability. Successful exploitation could allow the attacker to transport a file to certain path. Affected product versions include: PC Smart Full Scene 11.1 versions PCManager 11.1.1.97.
659 CVE-2021-37123 287 2021-10-11 2021-10-18
7.5
None Remote Low Not required Partial Partial Partial
There is an improper authentication vulnerability in Hero-CT060 before 1.0.0.200. The vulnerability arises because, when a user wants to perform a certain operation, the software does not sufficiently validate the user's identity. Successful exploit could allow the attacker to perform certain operations which the user is not supposed to perform.
660 CVE-2021-37122 416 2021-10-27 2021-10-28
3.3
None Local Network Low Not required None None Partial
There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include: CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800; CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.
661 CVE-2021-37002 119 Exec Code Overflow 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a Memory out-of-bounds access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause malicious code to be executed.
662 CVE-2021-37001 2021-10-28 2021-11-01
5.0
None Remote Low Not required None Partial None
There is a Register tampering vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow the register value to be modified.
663 CVE-2021-36999 120 Exec Code Overflow 2021-10-28 2021-11-01
6.8
None Remote Medium Not required Partial Partial Partial
There is a Buffer overflow vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by sending malicious images and inducing users to open the images may cause remote code execution.
664 CVE-2021-36998 2021-10-28 2021-11-01
5.0
None Remote Low Not required Partial None None
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attempts to read an array that is out of bounds.
665 CVE-2021-36997 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is a Low memory error in Huawei Smartphone due to the unlimited size of images to be parsed. Successful exploitation of this vulnerability may cause the Gallery or Files app to exit unexpectedly.
666 CVE-2021-36996 2021-10-28 2021-11-01
5.0
None Remote Low Not required Partial None None
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause transmission of certain virtual information.
667 CVE-2021-36995 2021-10-28 2021-11-01
5.0
None Remote Low Not required None Partial None
There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
668 CVE-2021-36994 362 2021-10-28 2021-11-01
4.3
None Remote Medium Not required None Partial None
There is an issue in which trustlist strings are repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
669 CVE-2021-36993 119 Overflow 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is a Memory leaks vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
670 CVE-2021-36992 2021-10-28 2021-11-01
5.0
None Remote Low Not required Partial None None
There is a Public key verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
671 CVE-2021-36991 20 2021-10-28 2021-11-01
5.0
None Remote Low Not required Partial None None
There is an Unauthorized file access vulnerability in Huawei Smartphone due to unstandardized path input. Successful exploitation of this vulnerability by creating malicious file paths can cause unauthorized file access.
672 CVE-2021-36990 276 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
673 CVE-2021-36989 276 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a Kernel crash vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
674 CVE-2021-36988 2021-10-28 2021-11-01
5.0
None Remote Low Not required None Partial None
There is a Parameter verification issue in Huawei Smartphone. Successful exploitation of this vulnerability can affect service integrity.
675 CVE-2021-36987 362 2021-10-28 2021-11-01
7.1
None Remote Medium Not required None None Complete
There is an issue in which nodes in the linked list are freed multiple times in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause the system to restart.
676 CVE-2021-36986 269 2021-10-28 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful exploitation of this vulnerability may escalate permissions.
677 CVE-2021-36985 770 2021-10-28 2021-11-01
7.8
None Remote Low Not required None None Complete
There is a Code injection vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may exhaust system resources and cause the system to restart.
678 CVE-2021-36970 2021-10-13 2021-10-19
4.3
None Remote Medium Not required None Partial None
Windows Print Spooler Spoofing Vulnerability
679 CVE-2021-36953 DoS 2021-10-13 2021-10-19
5.0
None Remote Low Not required None None Partial
Windows TCP/IP Denial of Service Vulnerability
680 CVE-2021-36869 79 XSS 2021-10-21 2021-10-26
4.3
None Remote Medium Not required None Partial None
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <= 4.6.6). Vulnerable parameter: &post.
681 CVE-2021-36850 352 CSRF 2021-10-04 2021-10-08
4.3
None Remote Medium Not required None Partial None
Cross-Site Request Forgery (CSRF) vulnerability in WordPress Media File Renamer – Auto & Manual Rename plugin (versions <= 5.1.9). Affected parameters "post_title", "filename", "lock". This allows changing the uploaded media title, media file name, and media locking state.
682 CVE-2021-36832 79 XSS 2021-10-19 2021-10-22
3.5
None Remote Medium ??? None Partial None
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input.
683 CVE-2021-36808 362 Bypass 2021-10-30 2021-11-29
4.4
None Local Medium Not required Partial Partial Partial
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
684 CVE-2021-36767 916 2021-10-08 2022-01-01
7.5
None Remote Low Not required Partial Partial Partial
In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server.
685 CVE-2021-36756 295 2021-10-27 2021-11-04
6.4
None Remote Low Not required Partial Partial None
CFEngine Enterprise 3.15.0 through 3.15.4 has Missing SSL Certificate Validation.
686 CVE-2021-36551 79 XSS 2021-10-28 2021-11-02
3.5
None Remote Medium ??? None Partial None
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
687 CVE-2021-36550 79 XSS 2021-10-28 2021-11-02
3.5
None Remote Medium ??? None Partial None
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
688 CVE-2021-36548 434 Exec Code 2021-10-28 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
689 CVE-2021-36547 434 Exec Code 2021-10-28 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.
690 CVE-2021-36513 909 2021-10-18 2021-10-22
5.0
None Remote Low Not required Partial None None
An issue was discovered in function sofia_handle_sip_i_notify in sofia.c in SignalWire freeswitch before 1.10.6, which may allow attackers to view sensitive information due to an uninitialized value.
691 CVE-2021-36512 908 2021-10-19 2021-10-25
5.0
None Remote Low Not required Partial None None
An issue was discovered in function scanallsubs in src/sbbs3/scansubs.cpp in Synchronet BBS, which may allow attackers to view sensitive information due to an uninitialized value.
692 CVE-2021-36389 639 2021-10-14 2021-10-20
5.0
None Remote Low Not required Partial None None
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIImage.i4".
693 CVE-2021-36388 639 2021-10-14 2021-10-20
5.0
None Remote Low Not required Partial None None
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through an Insecure Direct Object Reference vulnerability exploitable by sending a specially crafted HTTP GET request to the page "MIIAvatarImage.i4".
694 CVE-2021-36387 79 XSS 2021-10-14 2021-10-20
3.5
None Remote Medium ??? None Partial None
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page "ActivityStreamAjax.i4".
695 CVE-2021-36357 681 Bypass 2021-10-22 2021-10-27
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in OpenPOWER 2.6 firmware. unpack_timestamp() calls le32_to_cpu() for endian conversion of a uint16_t "year" value, resulting in a type mismatch that can truncate a higher integer value to a smaller one, and bypass a timestamp check. The fix is to use the right endian conversion function.
696 CVE-2021-36309 200 +Info 2021-10-01 2021-10-08
4.0
None Remote Low ??? Partial None None
Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. An authenticated malicious user with access to the system may use the TACACS\Radius credentials stored to read sensitive information and use it in further attacks.
697 CVE-2021-36298 327 Bypass 2021-10-01 2021-10-08
7.5
None Remote Low Not required Partial Partial Partial
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.
698 CVE-2021-36178 522 2021-10-06 2021-10-14
4.0
None Remote Low ??? Partial None None
An insufficiently protected credentials vulnerability in Fortinet FortiSDNConnector version 1.1.7 and below allows an attacker to disclose third-party devices' credential information via configuration page lookup.
699 CVE-2021-36175 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device.
700 CVE-2021-36170 522 2021-10-06 2021-10-14
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
Total number of vulnerabilities: 1708 (page 14 of 35)