CVEdetails.com the ultimate security vulnerability data source
Security Vulnerabilities Published In October 2021

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
Each record below spans four lines: the row number, CVE ID, CWE ID and vulnerability type(s) where present, followed by the publish and update dates; the CVSS score; the vector fields (gained access level, access, complexity, authentication, confidentiality, integrity and availability impact); and the description. Empty columns are omitted, and ??? marks a value the listing does not give.
1651 CVE-2020-21652 94 Exec Code 2021-10-06 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method.
1652 CVE-2020-21651 94 Exec Code 2021-10-06 2021-10-15
7.5
None Remote Low Not required Partial Partial Partial
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method.
1653 CVE-2020-21650 94 Exec Code 2021-10-06 2021-10-14
6.5
None Remote Low ??? Partial Partial Partial
Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method.
1654 CVE-2020-21649 918 2021-10-06 2021-10-14
5.5
None Remote Low ??? Partial Partial None
Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method.
1655 CVE-2020-21648 2021-10-06 2021-10-14
6.4
None Remote Low Not required None Partial Partial
WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php.
1656 CVE-2020-21506 79 XSS 2021-10-05 2021-10-14
4.3
None Remote Medium Not required None Partial None
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add.
1657 CVE-2020-21505 79 XSS 2021-10-05 2021-10-14
4.3
None Remote Medium Not required None Partial None
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave.
1658 CVE-2020-21504 79 XSS 2021-10-05 2021-10-14
4.3
None Remote Medium Not required None Partial None
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login.
1659 CVE-2020-21503 668 2021-10-05 2021-10-14
5.0
None Remote Low Not required None Partial None
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free.
1660 CVE-2020-21496 79 XSS 2021-10-04 2021-10-13
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitebrief parameter.
1661 CVE-2020-21495 79 XSS 2021-10-04 2021-10-13
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the component /admin/?setting-base.htm of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via the sitename parameter.
1662 CVE-2020-21494 79 XSS 2021-10-04 2021-10-13
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the component install\install.sql of Xiuno BBS 4.0.4 allows attackers to execute arbitrary web scripts or HTML via changing the doctype value to 0.
1663 CVE-2020-21493 2021-10-04 2021-10-13
5.0
None Remote Low Not required Partial None None
An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames.
1664 CVE-2020-21434 79 XSS 2021-10-04 2021-10-07
3.5
None Remote Medium ??? None Partial None
Maccms 10 contains a cross-site scripting (XSS) vulnerability in the Editing function under the Member module. This vulnerability is exploited via a crafted payload in the nickname text field.
1665 CVE-2020-21431 2021-10-04 2021-10-13
5.5
None Remote Low ??? Partial Partial None
HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit.
1666 CVE-2020-21387 79 XSS 2021-10-04 2021-10-07
4.3
None Remote Medium Not required None Partial None
A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.
1667 CVE-2020-21386 352 +Priv CSRF 2021-10-04 2021-10-07
6.8
None Remote Medium Not required Partial Partial Partial
A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.
1668 CVE-2020-21250 89 Sql 2021-10-27 2021-10-28
7.5
None Remote Low Not required Partial Partial Partial
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
1669 CVE-2020-21228 79 XSS 2021-10-01 2021-10-07
4.3
None Remote Medium Not required None Partial None
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
1670 CVE-2020-21014 732 2021-10-01 2021-10-08
5.5
None Remote Low ??? None Partial Partial
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
1671 CVE-2020-21013 89 Sql 2021-10-01 2021-10-08
6.5
None Remote Low ??? Partial Partial Partial
emlog v6.0.0 contains a SQL injection via /admin/comment.php.
1672 CVE-2020-21012 89 Exec Code Sql 2021-10-01 2021-10-08
7.5
None Remote Low Not required Partial Partial Partial
Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
1673 CVE-2020-20908 79 XSS 2021-10-25 2021-10-28
3.5
None Remote Medium ??? None Partial None
Akaunting v1.3.17 was discovered to contain a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Company Name input field.
1674 CVE-2020-19964 352 CSRF 2021-10-14 2021-10-19
4.3
None Remote Medium Not required None Partial None
A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication.
1675 CVE-2020-19962 79 XSS 2021-10-14 2021-10-19
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting (XSS) vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts.
1676 CVE-2020-19961 89 Sql 2021-10-14 2021-10-19
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
1677 CVE-2020-19960 89 Sql 2021-10-14 2021-10-19
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
1678 CVE-2020-19959 89 Sql 2021-10-14 2021-10-19
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
1679 CVE-2020-19957 89 Sql 2021-10-14 2021-10-19
5.0
None Remote Low Not required Partial None None
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
1680 CVE-2020-19954 611 2021-10-14 2021-10-20
5.0
None Remote Low Not required Partial None None
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
1681 CVE-2020-19003 287 Bypass 2021-10-06 2021-10-14
5.0
None Remote Low Not required None Partial None
An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list.
1682 CVE-2020-15941 22 Dir. Trav. 2021-10-06 2021-10-14
5.5
None Remote Low ??? None Partial Partial
A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4.1 and below; 6.2.8 and below may allow an authenticated attacker to inject directory traversal character sequences to add/delete the files of the server via the name parameter of Deployment Packages.
1683 CVE-2020-14264 327 2021-10-25 2021-10-28
2.1
None Local Low Not required Partial None None
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
1684 CVE-2020-14263 326 2021-10-21 2021-11-03
2.1
None Local Low Not required Partial None None
"HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"
1685 CVE-2020-12141 125 DoS 2021-10-19 2021-10-22
6.4
None Remote Low Not required Partial None Partial
An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier allows an attacker to cause a denial of service and potentially disclose information via crafted SNMP packets to snmp_ber_decode_string_len_buffer in os/net/app-layer/snmp/snmp-ber.c.
1686 CVE-2020-11303 668 2021-10-20 2021-10-26
5.0
None Remote Low Not required Partial None None
Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
1687 CVE-2020-10005 400 DoS 2021-10-28 2021-11-02
4.0
None Remote Low ??? None None Partial
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.
1688 CVE-2020-9897 787 Exec Code 2021-10-28 2021-11-02
6.8
None Remote Medium Not required Partial Partial Partial
An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.
1689 CVE-2020-8291 79 XSS 2021-10-18 2021-10-21
4.3
None Remote Medium Not required None Partial None
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
1690 CVE-2020-7875 494 Exec Code 2021-10-28 2021-11-01
6.8
None Remote Medium Not required Partial Partial Partial
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability which could allow a remote attacker to download and execute a remote file by setting the argument variable in the ActiveX module. This can be leveraged for code execution.
1691 CVE-2020-7867 20 2021-10-27 2021-10-29
4.6
None Local Low Not required Partial Partial Partial
An improper input validation vulnerability in the Helpu solution could allow a local attacker to create and execute arbitrary files without clicking the file transfer menu. It is possible to place a file in an arbitrary directory for the user because the viewer program receives the file from the agent with administrator privileges.
1692 CVE-2020-5669 79 XSS 2021-10-26 2021-10-29
3.5
None Remote Medium ??? None Partial None
Cross-site scripting vulnerability in Movable Type Premium 1.37 and earlier and Movable Type Premium Advanced 1.37 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors.
1693 CVE-2020-4951 200 +Info 2021-10-15 2021-11-17
2.1
None Local Low Not required Partial None None
IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information.
1694 CVE-2020-4654 863 +Info 2021-10-08 2021-10-15
4.0
None Remote Low ??? Partial None None
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.
1695 CVE-2019-19810 502 Exec Code 2021-10-28 2021-11-30
10.0
None Remote Low Not required Complete Complete Complete
Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
1696 CVE-2019-3556 22 Dir. Trav. 2021-10-26 2021-10-29
5.5
None Remote Low ??? None Partial Partial
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.
1697 CVE-2018-16061 79 XSS 2021-10-15 2021-10-21
4.3
None Remote Medium Not required None Partial None
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.
1698 CVE-2018-16060 425 +Info 2021-10-15 2021-10-21
5.0
None Remote Low Not required Partial None None
Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
1699 CVE-2017-20007 +Info 2021-10-25 2021-10-28
5.0
None Remote Low Not required Partial None None
Ingeteam INGEPAC DA AU AUC_1.13.0.28 (and before) web application allows access to a certain path that contains sensitive information that could be used by an attacker to execute more sophisticated attacks. An unauthenticated remote attacker with access to the device's web service could exploit this vulnerability in order to obtain different configuration files.
1700 CVE-2011-4574 338 2021-10-27 2021-10-28
7.5
None Remote Low Not required Partial Partial Partial
PolarSSL versions prior to v1.1 use the HAVEGE random number generation algorithm. At its heart, this uses timing information based on the processor's high resolution timer (the RDTSC instruction). This instruction can be virtualized, and some virtual machine hosts have chosen to disable this instruction, returning 0s or predictable results.
Total number of vulnerabilities: 1708 (this is page 34 of 35)