CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2021

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1701 | CVE-2011-4126 | 367 | | | 2021-10-27 | 2021-11-01 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. |
| 1702 | CVE-2011-4125 | 426 | | | 2021-10-27 | 2021-11-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. |
| 1703 | CVE-2011-4124 | 20 | | | 2021-10-27 | 2021-11-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. |
| 1704 | CVE-2011-4119 | 377 | | | 2021-10-26 | 2021-10-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | caml-light <= 0.75 uses mktemp() insecurely, and also does unsafe things in /tmp during make install. |
| 1705 | CVE-2011-2195 | 78 | | Exec Code | 2021-10-26 | 2021-10-29 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | A flaw was found in WebSVN 2.3.2. Without prior authentication, if the 'allowDownload' option is enabled in config.php, an attacker can invoke the dl.php script and pass a well-formed 'path' argument to execute arbitrary commands against the underlying operating system. |
| 1706 | CVE-2011-1497 | 79 | | XSS | 2021-10-19 | 2021-10-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | A cross-site scripting flaw was found in the auto_link function in Rails before version 3.0.6. |
| 1707 | CVE-2011-1075 | 362 | | | 2021-10-19 | 2021-11-29 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | FreeBSD's crontab calculates the MD5 sum of the previous and new cronjob to determine if any changes have been made before copying the new version in. In particular, it uses the MD5File() function, which takes a pathname as an argument, and is called with euid 0. A race condition in this process may lead to an arbitrary MD5 comparison regardless of the read permissions. |
| 1708 | CVE-2010-2496 | 287 | | | 2021-10-18 | 2021-10-21 | 2.1 | None | Local | Low | Not required | Partial | None | None | stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer. |
Total number of vulnerabilities: 1708 (this is page 35 of 35)