CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2021-0414 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561384; Issue ID: ALPS05561384.
1552 CVE-2021-0413 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561379; Issue ID: ALPS05561379.
1553 CVE-2021-0412 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561366; Issue ID: ALPS05561366.
1554 CVE-2021-0411 125 Overflow 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561362; Issue ID: ALPS05561362.
1555 CVE-2021-0410 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561360; Issue ID: ALPS05561360.
1556 CVE-2021-0409 125 2021-10-25 2021-10-26
2.1
None Local Low Not required Partial None None
In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05561359; Issue ID: ALPS05561359.
1557 CVE-2021-0299 755 DoS 2021-10-19 2021-10-26
7.1
None Remote Medium Not required None None Complete
An Improper Handling of Exceptional Conditions vulnerability in the processing of a transit or directly received malformed IPv6 packet in Juniper Networks Junos OS results in a kernel crash, causing the device to restart, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems with IPv6 configured. Devices with only IPv4 configured are not vulnerable to this issue. This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 19.4R1.
1558 CVE-2021-0298 362 DoS Exec Code 2021-10-19 2021-10-25
4.0
None Local High Not required None None Complete
A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command is executed coincident with other system events outside the attacker's control, leading to a Denial of Service (DoS) condition. Continued execution of the CLI command, under precise conditions, could create a sustained Denial of Service (DoS) condition. This issue affects all Juniper Networks Junos OS Evolved versions prior to 20.1R2-EVO on PTX10003 and PTX10008 platforms. Junos OS is not affected by this vulnerability.
1559 CVE-2021-0297 755 2021-10-19 2021-10-25
6.4
None Remote Low Not required Partial Partial None
A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does not have TCP MD5 authentication enabled. This could lead to untrusted or unauthorized sessions being established, resulting in an impact on confidentiality or stability of the network. This issue affects Juniper Networks Junos OS Evolved: All versions prior to 20.3R2-S1-EVO; 20.4 versions prior to 20.4R2-EVO; 21.1 versions prior to 21.1R2-EVO. Juniper Networks Junos OS is not affected by this issue.
1560 CVE-2021-0296 319 2021-10-19 2021-10-25
5.8
None Remote Medium Not required Partial Partial None
The Juniper Networks CTPView server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header which allows servers to indicate that content from the requested domain will only be served over HTTPS. The lack of HSTS may leave the system vulnerable to downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections. This issue affects Juniper Networks CTPView: 7.3 versions prior to 7.3R7; 9.1 versions prior to 9.1R3.
1561 CVE-2020-36502 79 XSS 2021-10-22 2021-10-28
4.3
None Remote Medium Not required None Partial None
Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.
1562 CVE-2020-36501 79 XSS 2021-10-22 2021-10-26
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
1563 CVE-2020-36499 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block (Add) module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value.
1564 CVE-2020-36498 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field.
1565 CVE-2020-36497 79 XSS 2021-10-22 2021-10-26
4.3
None Remote Medium Not required None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component makehtml_homepage.php via the `filename`, `mid`, `userid`, and `templet' parameters.
1566 CVE-2020-36496 79 XSS 2021-10-22 2021-10-26
4.3
None Remote Medium Not required None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component sys_admin_user_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
1567 CVE-2020-36495 79 XSS 2021-10-22 2021-10-26
4.3
None Remote Medium Not required None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `filename`, `mid`, `userid`, and `templet' parameters.
1568 CVE-2020-36494 79 XSS 2021-10-22 2021-10-26
4.3
None Remote Medium Not required None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component mychannel_edit.php via the `filename`, `mid`, `userid`, and `templet' parameters.
1569 CVE-2020-36493 79 XSS 2021-10-22 2021-10-26
3.5
None Remote Medium ??? None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component media_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
1570 CVE-2020-36492 79 XSS 2021-10-22 2021-10-26
3.5
None Remote Medium ??? None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component select_media.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
1571 CVE-2020-36491 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tags_main.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
1572 CVE-2020-36490 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component file_manage_view.php via the `activepath`, `keyword`, `tag`, `fmdo=x&filename`, `CKEditor` and `CKEditorFuncNum` parameters.
1573 CVE-2020-36489 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Dropouts Technologies LLP Air Share v1.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the devicename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the devicename information.
1574 CVE-2020-36488 22 Dir. Trav. 2021-10-22 2021-10-28
4.0
None Remote Low ??? Partial None None
An issue in the FTP server of Sky File v2.1.0 allows attackers to perform directory traversal via `/null//` path commands.
1575 CVE-2020-36486 79 XSS 2021-10-22 2021-10-26
4.3
None Remote Medium Not required None Partial None
Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling.
1576 CVE-2020-36485 434 Exec Code 2021-10-22 2021-10-28
4.6
None Local Low Not required Partial Partial Partial
Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file.
1577 CVE-2020-36381 77 Exec Code 2021-10-31 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
1578 CVE-2020-36380 77 Exec Code 2021-10-31 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
1579 CVE-2020-36379 77 Exec Code 2021-10-31 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
1580 CVE-2020-36378 77 Exec Code 2021-10-31 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
1581 CVE-2020-36377 77 Exec Code 2021-10-31 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
1582 CVE-2020-36376 77 Exec Code 2021-10-31 2021-11-03
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
1583 CVE-2020-29629 125 2021-10-28 2021-11-02
4.3
None Remote Medium Not required Partial None None
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to read restricted memory.
1584 CVE-2020-29622 362 Exec Code 2021-10-19 2021-10-22
7.6
None Remote High Not required Complete Complete Complete
A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.
1585 CVE-2020-28969 120 DoS Overflow 2021-10-22 2021-10-28
6.8
None Remote Medium Not required Partial Partial Partial
Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file.
1586 CVE-2020-28968 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setting - RADIUS Server Configuration module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the username input field.
1587 CVE-2020-28967 120 Overflow 2021-10-22 2021-10-28
9.0
None Remote Low ??? Complete Complete Complete
FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers.
1588 CVE-2020-28964 787 Overflow 2021-10-22 2021-10-28
7.2
None Local Low Not required Complete Complete Complete
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.
1589 CVE-2020-28963 120 Overflow 2021-10-22 2021-10-28
7.2
None Local Low Not required Complete Complete Complete
Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function.
1590 CVE-2020-28961 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component ./clients/client via the company name parameter.
1591 CVE-2020-28960 89 Sql 2021-10-22 2021-10-28
10.0
None Remote Low Not required Complete Complete Complete
Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.
1592 CVE-2020-28957 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields.
1593 CVE-2020-28956 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allows attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields.
1594 CVE-2020-28955 79 XSS 2021-10-22 2021-10-28
3.5
None Remote Medium ??? None Partial None
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields.
1595 CVE-2020-28145 668 2021-10-12 2021-10-18
5.0
None Remote Low Not required Partial None None
Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information.
1596 CVE-2020-28119 79 Exec Code XSS 2021-10-04 2021-10-08
4.3
None Remote Medium Not required None Partial None
Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window.
1597 CVE-2020-27372 120 Overflow 2021-10-11 2021-10-18
7.5
None Remote Low Not required Partial Partial Partial
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
1598 CVE-2020-27304 22 Dir. Trav. 2021-10-21 2021-10-28
7.5
None Remote Low Not required Partial Partial Partial
The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal
1599 CVE-2020-26707 77 Exec Code 2021-10-31 2021-11-02
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter.
1600 CVE-2020-26705 611 DoS 2021-10-31 2021-11-02
6.4
None Remote Low Not required Partial None Partial
The parseXML function in Easy-XML 0.5.0 was discovered to have a XML External Entity (XXE) vulnerability which allows for an attacker to expose sensitive data or perform a denial of service (DOS) via a crafted external entity entered into the XML content as input.
Total number of vulnerabilities : 1708   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34 35
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.