CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2021

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1251 CVE-2021-24381 79 XSS 2021-10-25 2021-10-28
3.5
None Remote Medium ??? None Partial None
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
1252 CVE-2021-24021 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks.
1253 CVE-2021-24019 613 +Priv 2021-10-06 2021-10-14
7.5
None Remote Low Not required Partial Partial Partial
An insufficient session expiration vulnerability [CWE-613] in FortiClientEMS versions 6.4.2 and below, 6.2.8 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks).
1254 CVE-2021-23893 269 +Priv 2021-10-01 2021-10-07
4.6
None Local Low Not required Partial Partial Partial
Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.
1255 CVE-2021-23877 269 2021-10-26 2021-10-28
7.2
None Local Low Not required Complete Complete Complete
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.
1256 CVE-2021-23858 522 2021-10-04 2021-10-14
7.8
None Remote Low Not required Complete None None
Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.
1257 CVE-2021-23857 287 2021-10-04 2021-10-14
10.0
None Remote Low Not required Complete Complete Complete
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently log in to the system.
1258 CVE-2021-23856 79 XSS 2021-10-04 2021-10-08
4.3
None Remote Medium Not required None Partial None
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL.
1259 CVE-2021-23855 916 2021-10-04 2021-10-12
5.0
None Remote Low Not required Partial None None
The user and password database is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.
1260 CVE-2021-23452 915 2021-10-20 2021-10-25
7.5
None Remote Low Not required Partial Partial Partial
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.
1261 CVE-2021-23449 915 Exec Code 2021-10-18 2021-11-04
7.5
None Remote Low Not required Partial Partial Partial
This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine.
1262 CVE-2021-23448 913 2021-10-11 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.
1263 CVE-2021-23447 79 XSS Bypass 2021-10-07 2021-10-15
4.3
None Remote Medium Not required None Partial None
This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string).
1264 CVE-2021-23139 476 2021-10-21 2021-10-26
5.0
None Remote Low Not required None None Partial
A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.
1265 CVE-2021-22964 601 2021-10-14 2021-10-20
6.8
None Remote Medium Not required Partial Partial Partial
A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//a//youtube.com/%2e%2e%2f%2e%2e`. A DoS vulnerability is possible if the URL contains invalid characters: `curl --path-as-is "http://localhost:3000//^/.."`. The issue shows up on all the `fastify-static` applications that set the `redirect: true` option. By default, it is `false`.
1266 CVE-2021-22963 601 2021-10-14 2021-10-20
5.8
None Remote Medium Not required Partial Partial None
A redirect vulnerability in the `fastify-static` module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash `//` followed by a domain: `http://localhost:3000//google.com/%2e%2e`. The issue shows up on all the `fastify-static` applications that set the `redirect: true` option. By default, it is `false`.
1267 CVE-2021-22961 94 Exec Code 2021-10-18 2021-10-21
7.5
None Remote Low Not required Partial Partial Partial
A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution.
1268 CVE-2021-22958 918 Bypass 2021-10-07 2021-11-01
7.5
None Remote Low Not required Partial Partial Partial
A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost, allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0 AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
1269 CVE-2021-22942 601 2021-10-18 2021-12-22
5.8
None Remote Medium Not required Partial Partial None
A possible open redirect vulnerability in the Host Authorization middleware in Action Pack >= 6.0.0 that could allow attackers to redirect users to a malicious website.
1270 CVE-2021-22930 416 Mem. Corr. 2021-10-07 2021-12-03
7.5
None Remote Low Not required Partial Partial Partial
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption to change process behavior.
1271 CVE-2021-22557 94 Exec Code 2021-10-04 2021-10-14
6.8
None Remote Medium Not required Partial Partial Partial
SLO Generator allows for loading of YAML files that, if crafted in a specific format, can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173
1272 CVE-2021-22491 20 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is an Input verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
1273 CVE-2021-22490 287 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is a Permission verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect the device performance.
1274 CVE-2021-22488 668 2021-10-28 2021-11-01
5.0
None Remote Low Not required None Partial None
There is an Unauthorized file access vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups.
1275 CVE-2021-22487 125 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is an Out-of-bounds read vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service availability.
1276 CVE-2021-22486 2021-10-28 2021-11-01
5.0
None Remote Low Not required Partial None None
There is an issue of Unstandardized field names in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
1277 CVE-2021-22485 2021-10-28 2021-11-01
5.0
None Remote Low Not required Partial None None
There is an SSID vulnerability with Wi-Fi network connections in Huawei devices. Successful exploitation of this vulnerability may affect service confidentiality.
1278 CVE-2021-22483 2021-10-28 2021-11-01
5.0
None Remote Low Not required None None Partial
There is an issue of IP address spoofing in Huawei Smartphone. Successful exploitation of this vulnerability may cause DoS.
1279 CVE-2021-22482 909 2021-10-28 2021-11-02
5.0
None Remote Low Not required None Partial None
There is an Uninitialized variable vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause transmission of invalid data.
1280 CVE-2021-22481 2021-10-28 2021-11-02
5.0
None Remote Low Not required Partial None None
There is a Verification errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
1281 CVE-2021-22475 276 2021-10-28 2021-11-02
5.0
None Remote Low Not required Partial None None
There is an Improper permission management vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
1282 CVE-2021-22474 119 Overflow 2021-10-28 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
There is an Out-of-bounds memory access in Huawei Smartphone. Successful exploitation of this vulnerability may cause process exceptions.
1283 CVE-2021-22473 287 2021-10-28 2021-11-02
5.0
None Remote Low Not required Partial None None
There is an Authentication vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
1284 CVE-2021-22472 2021-10-28 2021-11-02
5.0
None Remote Low Not required Partial None None
There is an Improper verification vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect service confidentiality.
1285 CVE-2021-22471 476 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
1286 CVE-2021-22470 269 2021-10-28 2021-11-01
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain.
1287 CVE-2021-22469 125 2021-10-28 2021-11-01
3.6
None Local Low Not required Partial None Partial
A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause kernel out-of-bounds read.
1288 CVE-2021-22468 863 +Info 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. Local attackers may exploit this vulnerability to cause kernel address leakage.
1289 CVE-2021-22467 20 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
1290 CVE-2021-22466 416 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
1291 CVE-2021-22465 120 Overflow 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Heap-based Buffer Overflow vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
1292 CVE-2021-22464 125 2021-10-28 2021-11-01
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has an Out-of-bounds Read vulnerability. Local attackers may exploit this vulnerability to cause system Soft Restart.
1293 CVE-2021-22463 416 2021-10-28 2021-11-01
2.1
None Local Low Not required Partial None None
A component of the HarmonyOS has a Use After Free vulnerability. Local attackers may exploit this vulnerability to cause Kernel Information disclosure.
1294 CVE-2021-22462 476 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause kernel crash.
1295 CVE-2021-22461 770 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has an Allocation of Resources Without Limits or Throttling vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
1296 CVE-2021-22460 345 Bypass 2021-10-28 2021-11-02
2.1
None Local Low Not required None Partial None
A component of the HarmonyOS has an Insufficient Verification of Data Authenticity vulnerability. Local attackers may exploit this vulnerability to bypass the control mechanism.
1297 CVE-2021-22459 476 2021-10-28 2021-11-02
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a NULL Pointer Dereference vulnerability. Local attackers may exploit this vulnerability to cause System functions which are unavailable.
1298 CVE-2021-22458 119 Exec Code Overflow 2021-10-28 2021-11-02
4.6
None Local Low Not required Partial Partial Partial
A component of the HarmonyOS has an Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. Local attackers may exploit this vulnerability to cause arbitrary code execution.
1299 CVE-2021-22457 20 2021-10-28 2021-11-01
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has an Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause out-of-bounds write.
1300 CVE-2021-22456 2021-10-28 2021-11-02
2.1
None Local Low Not required None None Partial
A component of the HarmonyOS has a Data Processing Errors vulnerability. Local attackers may exploit this vulnerability to cause Kernel System unavailable.
Total number of vulnerabilities: 1708 (this is page 26 of 35)