CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In October 2021

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
351 CVE-2021-40719 502 Exec Code 2021-10-21 2021-11-30
7.5
None Remote Low Not required Partial Partial Partial
Adobe Connect version 11.2.3 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability that allows arbitrary method invocation when AMF messages are deserialized on an Adobe Connect server. An attacker can leverage this to achieve remote code execution on the server.
352 CVE-2021-40683 428 2021-10-04 2021-10-12
4.4
None Local Medium Not required Partial Partial Partial
In Akamai EAA (Enterprise Application Access) Client before 2.3.1, 2.4.x before 2.4.1, and 2.5.x before 2.5.3, an unquoted path may allow an attacker to hijack the flow of execution.
353 CVE-2021-40618 89 Sql 2021-10-12 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability exists in openSIS Classic 8.0 via the 1) ADDR_CONT_USRN, 2) ADDR_CONT_PSWD, 3) SECN_CONT_USRN or 4) SECN_CONT_PSWD parameters in HoldAddressFields.php.
354 CVE-2021-40617 89 Sql 2021-10-11 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
355 CVE-2021-40543 89 Sql 2021-10-11 2021-10-18
7.5
None Remote Low Not required Partial Partial Partial
Opensis-Classic Version 8.0 is affected by a SQL injection vulnerability due to a lack of sanitization of input data at two parameters $_GET['usrid'] and $_GET['prof_id'] in the PasswordCheck.php file.
356 CVE-2021-40542 79 Exec Code XSS 2021-10-11 2021-10-18
4.3
None Remote Medium Not required None Partial None
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
357 CVE-2021-40541 79 XSS 2021-10-11 2021-10-15
4.3
None Remote Medium Not required None Partial None
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in the descript() function. An authenticated user can trigger XSS by appending "//" at the end of text.
358 CVE-2021-40527 312 2021-10-25 2021-10-28
5.0
None Remote Low Not required Partial None None
Exposure of sensitive information to an unauthorised actor in the "com.onepeloton.erlich" mobile application up to and including version 1.7.22 allows a remote attacker to access developer files stored in an AWS S3 bucket, by reading credentials stored in plain text within the mobile application.
359 CVE-2021-40526 131 DoS Overflow 2021-10-25 2021-10-28
5.0
None Remote Low Not required None None Partial
Incorrect calculation of buffer size vulnerability in Peloton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lead to an Apple MFI device not being able to authenticate with the Peloton Bike.
360 CVE-2021-40500 611 2021-10-12 2021-10-18
5.0
None Remote Low Not required Partial None None
SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.
361 CVE-2021-40499 94 Exec Code 2021-10-12 2021-10-18
7.5
None Remote Low Not required Partial Partial Partial
Client-side printing services SAP Cloud Print Manager and SAPSprint for SAP NetWeaver Application Server for ABAP - versions 7.70, 7.70 PI, 7.70 BYD, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
362 CVE-2021-40498 DoS 2021-10-12 2021-10-18
2.1
None Local Low Not required None None Partial
A vulnerability has been identified in SAP SuccessFactors Mobile Application for Android - versions older than 2108, which allows an attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, which can lead to denial of service. The vulnerability is related to Android implementation methods that are widely used across Android mobile applications, and such methods are embedded into the SAP SuccessFactors mobile application. These Android methods begin executing once the user accesses their profile on the mobile application. While executing, they can also pick up the activities from other Android applications that are running in the background of the user's device and are using the same types of methods in the application. Such a vulnerability can also lead to phishing attacks that can be used for staging other types of attacks.
363 CVE-2021-40497 668 2021-10-12 2021-10-18
5.0
None Remote Low Not required Partial None None
SAP BusinessObjects Analysis (edition for OLAP) - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its version.
364 CVE-2021-40496 668 Exec Code 2021-10-12 2021-11-28
4.0
None Remote Low ??? Partial None None
SAP Internet Communication framework (ICM) - versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 785, allows an attacker with logon functionality, to exploit the authentication function by using POST and form field to repeat executions of the initial command by a GET request and exposing sensitive data. This vulnerability is normally exposed over the network and successful exploitation can lead to exposure of data like system details.
365 CVE-2021-40495 DoS 2021-10-12 2021-10-19
5.0
None Remote Low Not required None None Partial
There are multiple Denial-of-Service vulnerabilities in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755. An unauthorized attacker can use the public SICF service /sap/public/bc/abap to reduce the performance of SAP NetWeaver Application Server ABAP and ABAP Platform.
366 CVE-2021-40493 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
Zoho ManageEngine OpManager before 125437 is vulnerable to SQL Injection in the support diagnostics module. This occurs via the pollingObject parameter of the getDataCollectionFailureReason API.
367 CVE-2021-40489 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-41345.
368 CVE-2021-40488 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40489, CVE-2021-41345.
369 CVE-2021-40487 Exec Code 2021-10-13 2021-11-04
6.5
None Remote Low ??? Partial Partial Partial
Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-41344.
370 CVE-2021-40486 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Word Remote Code Execution Vulnerability
371 CVE-2021-40485 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40479.
372 CVE-2021-40484 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-40483.
373 CVE-2021-40483 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Microsoft SharePoint Server Spoofing Vulnerability. This CVE ID is unique from CVE-2021-40484.
374 CVE-2021-40482 2021-10-13 2021-10-19
5.0
None Remote Low Not required Partial None None
Microsoft SharePoint Server Information Disclosure Vulnerability
375 CVE-2021-40481 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40480.
376 CVE-2021-40480 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40481.
377 CVE-2021-40479 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40474, CVE-2021-40485.
378 CVE-2021-40478 269 2021-10-13 2021-10-19
7.2
None Local Low Not required Complete Complete Complete
Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26441, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.
379 CVE-2021-40477 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Windows Event Tracing Elevation of Privilege Vulnerability
380 CVE-2021-40476 269 2021-10-13 2021-12-03
6.8
None Remote Medium Not required Partial Partial Partial
Windows AppContainer Elevation Of Privilege Vulnerability
381 CVE-2021-40475 2021-10-13 2021-10-19
2.1
None Local Low Not required Partial None None
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
382 CVE-2021-40474 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40473, CVE-2021-40479, CVE-2021-40485.
383 CVE-2021-40473 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40471, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
384 CVE-2021-40472 2021-10-13 2021-10-19
2.1
None Local Low Not required Partial None None
Microsoft Excel Information Disclosure Vulnerability
385 CVE-2021-40471 Exec Code 2021-10-13 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-40473, CVE-2021-40474, CVE-2021-40479, CVE-2021-40485.
386 CVE-2021-40470 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
DirectX Graphics Kernel Elevation of Privilege Vulnerability
387 CVE-2021-40469 Exec Code 2021-10-13 2021-10-19
6.5
None Remote Low ??? Partial Partial Partial
Windows DNS Server Remote Code Execution Vulnerability
388 CVE-2021-40468 2021-10-13 2021-10-19
2.1
None Local Low Not required Partial None None
Windows Bind Filter Driver Information Disclosure Vulnerability
389 CVE-2021-40467 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40443, CVE-2021-40466.
390 CVE-2021-40466 269 2021-10-13 2021-10-19
4.6
None Local Low Not required Partial Partial Partial
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-40443, CVE-2021-40467.
391 CVE-2021-40465 Exec Code 2021-10-13 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Windows Text Shaping Remote Code Execution Vulnerability
392 CVE-2021-40464 269 2021-10-13 2021-11-17
5.2
None Local Network Low ??? Partial Partial Partial
Windows Nearby Sharing Elevation of Privilege Vulnerability
393 CVE-2021-40463 DoS 2021-10-13 2021-10-19
4.0
None Remote Low ??? None None Partial
Windows NAT Denial of Service Vulnerability
394 CVE-2021-40462 Exec Code 2021-10-13 2021-11-17
6.8
None Remote Medium Not required Partial Partial Partial
Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
395 CVE-2021-40461 Exec Code 2021-10-13 2021-10-19
5.2
None Local Network Low ??? Partial Partial Partial
Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-38672.
396 CVE-2021-40460 Bypass 2021-10-13 2021-10-19
4.0
None Remote Low ??? None Partial None
Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
397 CVE-2021-40457 79 XSS 2021-10-13 2021-10-19
4.3
None Remote Medium Not required None Partial None
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
398 CVE-2021-40456 Bypass 2021-10-13 2021-10-19
5.0
None Remote Low Not required Partial None None
Windows AD FS Security Feature Bypass Vulnerability
399 CVE-2021-40455 2021-10-13 2021-10-19
2.1
None Local Low Not required None Partial None
Windows Installer Spoofing Vulnerability
400 CVE-2021-40454 312 2021-10-13 2021-10-19
2.1
None Local Low Not required Partial None None
Rich Text Edit Control Information Disclosure Vulnerability
Total number of vulnerabilities : 1708   Page : 8 of 35