CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2021

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2021-30807 Exec Code Mem. Corr. 2021-10-19 2021-10-20
9.3
None Remote Medium Not required Complete Complete Complete
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
1052 CVE-2021-30633 416 2021-10-08 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
1053 CVE-2021-30632 787 2021-10-08 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1054 CVE-2021-30630 668 2021-10-08 2021-11-23
4.3
None Remote Medium Not required Partial None None
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
1055 CVE-2021-30629 416 2021-10-08 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
1056 CVE-2021-30628 787 Overflow 2021-10-08 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page.
1057 CVE-2021-30627 843 2021-10-08 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1058 CVE-2021-30626 787 Mem. Corr. 2021-10-08 2021-11-23
6.8
None Remote Medium Not required Partial Partial Partial
Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
1059 CVE-2021-30625 416 2021-10-08 2021-12-09
6.8
None Remote Medium Not required Partial Partial Partial
Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page.
1060 CVE-2021-30359 427 2021-10-22 2021-10-27
7.2
None Local Low Not required Complete Complete Complete
The Harmony Browse and the SandBlast Agent for Browsers installers must have admin privileges to execute some steps during the installation. Because the MS Installer allows regular users to repair their installation, an attacker running an installer before 90.08.7405 can start the installation repair and place a specially crafted binary in the repair folder, which runs with the admin privileges.
1061 CVE-2021-30358 78 2021-10-19 2021-10-22
6.0
None Remote Medium ??? Partial Partial Partial
Mobile Access Portal Native Applications whose path is defined by the administrator with environment variables may run applications from other locations by the Mobile Access Portal Agent.
1062 CVE-2021-30316 119 Overflow 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible out of bound memory access due to improper boundary check while creating HSYNC fence in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
1063 CVE-2021-30315 416 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Improper handling of sensor HAL structure in absence of sensor can lead to use after free in Snapdragon Auto
1064 CVE-2021-30312 287 2021-10-20 2021-10-26
5.0
None Remote Low Not required Partial None None
Improper authentication of sub-frames of a multicast AMSDU frame can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
1065 CVE-2021-30310 20 Overflow 2021-10-20 2021-10-26
5.0
None Remote Low Not required None None Partial
Possible buffer overflow due to improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music
1066 CVE-2021-30306 125 2021-10-20 2021-10-26
3.6
None Local Low Not required Partial None Partial
Possible buffer over read due to improper buffer allocation for file length passed from user space in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
1067 CVE-2021-30305 20 2021-10-20 2021-10-26
4.6
None Local Low Not required Partial Partial Partial
Possible out of bound access due to lack of validation of page offset before page is inserted in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
1068 CVE-2021-30304 125 2021-10-20 2021-10-26
6.4
None Remote Low Not required Partial None Partial
Possible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity
1069 CVE-2021-30302 287 2021-10-20 2021-10-26
5.0
None Remote Low Not required Partial None None
Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
1070 CVE-2021-30297 120 2021-10-20 2021-10-26
3.6
None Local Low Not required Partial None Partial
Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
1071 CVE-2021-30292 787 Mem. Corr. 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
1072 CVE-2021-30291 787 Mem. Corr. 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
1073 CVE-2021-30288 787 Overflow 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
1074 CVE-2021-30258 787 Overflow 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
1075 CVE-2021-30257 125 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
1076 CVE-2021-30256 787 Overflow 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
1077 CVE-2021-29912 79 XSS 2021-10-19 2021-10-22
3.5
None Remote Medium ??? None Partial None
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828.
1078 CVE-2021-29908 287 2021-10-06 2021-10-14
10.0
None Remote Low Not required Complete Complete Complete
The IBM TS7700 Management Interface is vulnerable to unauthenticated access. By accessing a specially-crafted URL, an attacker may gain administrative access to the Management Interface without authentication. IBM X-Force ID: 207747.
1079 CVE-2021-29906 2021-10-08 2021-10-15
1.9
None Local Medium Not required Partial None None
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
1080 CVE-2021-29903 89 Sql 2021-10-06 2021-10-14
7.5
None Remote Low Not required Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 207506.
1081 CVE-2021-29883 863 2021-10-21 2021-10-26
4.3
None Remote Medium Not required Partial None None
IBM Standards Processing Engine (IBM Transformation Extender Advanced 9.0 and 10.0) does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 207090.
1082 CVE-2021-29878 79 XSS 2021-10-18 2021-10-21
3.5
None Remote Medium ??? None Partial None
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.
1083 CVE-2021-29873 668 DoS +Info 2021-10-21 2021-10-26
5.5
None Remote Low ??? Partial None Partial
IBM Flash System 900 could allow an authenticated attacker to obtain sensitive information and cause a denial of service due to a restricted shell escape vulnerability. IBM X-Force ID: 206229.
1084 CVE-2021-29868 613 +Info 2021-10-27 2021-11-02
2.1
None Local Low Not required Partial None None
IBM i2 iBase 8.9.13 and 9.0.0 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 206213.
1085 CVE-2021-29855 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684.
1086 CVE-2021-29844 918 2021-10-27 2021-11-02
6.5
None Remote Low ??? Partial Partial Partial
IBM Jazz Team Server products are vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
1087 CVE-2021-29837 352 CSRF 2021-10-06 2021-10-14
6.8
None Remote Medium Not required Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204913.
1088 CVE-2021-29836 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204912.
1089 CVE-2021-29835 79 XSS 2021-10-22 2021-10-25
4.3
None Remote Medium Not required None Partial None
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.
1090 CVE-2021-29798 89 Sql 2021-10-06 2021-10-14
7.5
None Remote Low Not required Partial Partial Partial
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.1.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 203734.
1091 CVE-2021-29786 312 2021-10-27 2021-11-01
4.0
None Remote Low ??? Partial None None
IBM Jazz Team Server products store user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 203172.
1092 CVE-2021-29774 269 2021-10-27 2021-10-29
6.0
None Remote Medium ??? Partial Partial Partial
IBM Jazz Team Server products could allow an authenticated user to obtain elevated privileges under certain configurations. IBM X-Force ID: 203025.
1093 CVE-2021-29764 79 XSS 2021-10-06 2021-11-06
3.5
None Remote Medium ??? None Partial None
IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 202268.
1094 CVE-2021-29761 200 +Info 2021-10-06 2021-10-08
4.0
None Remote Low ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information from the dashboard that they should not have access to. IBM X-Force ID: 202265.
1095 CVE-2021-29760 863 2021-10-06 2021-10-08
4.0
None Remote Low ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to download unauthorized files through the dashboard user interface. IBM X-Force ID: 202213.
1096 CVE-2021-29758 287 2021-10-06 2021-10-08
4.0
None Remote Low ??? None Partial None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated user to perform actions that they should not be able to access due to improper access controls. IBM X-Force ID: 202169.
1097 CVE-2021-29745 269 2021-10-15 2021-11-17
6.5
None Remote Low ??? Partial Partial Partial
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to privilege escalation where a lower level user could have access to the 'New Job' page to which they should not have access. IBM X-Force ID: 201695.
1098 CVE-2021-29713 79 XSS 2021-10-27 2021-10-29
3.5
None Remote Medium ??? None Partial None
IBM Jazz Team Server products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
1099 CVE-2021-29700 200 +Info 2021-10-07 2021-10-15
4.0
None Remote Low ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 could allow an authenticated attacker to obtain sensitive information from configuration files that could aid in further attacks against the system. IBM X-Force ID: 200656.
1100 CVE-2021-29679 94 Exec Code 2021-10-15 2021-11-17
6.5
None Remote Low ??? Partial Partial Partial
IBM Cognos Analytics 11.1.7 and 11.2.0 could allow an authenticated user to execute code remotely due to incorrectly neutralizing user-controlled input that could be interpreted as a server-side include (SSI) directive. IBM X-Force ID: 199915.
Total number of vulnerabilities: 1708 (page 22 of 35)