CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2021

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-43057 416 Mem. Corr. 2021-10-28 2021-11-29
7.2
None Local Low Not required Complete Complete Complete
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
2 CVE-2021-43056 2021-10-28 2021-11-28
4.9
None Local Low Not required None None Complete
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
3 CVE-2021-42840 434 Exec Code 2021-10-22 2021-11-30
9.0
None Remote Low ??? Complete Complete Complete
SuiteCRM before 7.11.19 allows remote code execution via the system settings Log File Name setting. In certain circumstances involving admin account takeover, logger_file_name can refer to an attacker-controlled PHP file under the web root, because only the all-lowercase PHP file extensions were blocked. NOTE: this issue exists because of an incomplete fix for CVE-2020-28328.
4 CVE-2021-42836 697 DoS 2021-10-22 2021-10-28
5.0
None Remote Low Not required None None Partial
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
5 CVE-2021-42771 22 Exec Code Dir. Trav. 2021-10-20 2021-10-26
7.2
None Local Low Not required Complete Complete Complete
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale .dat files (containing serialized Python objects) via directory traversal, leading to code execution.
6 CVE-2021-42766 DoS 2021-10-20 2021-10-26
6.4
None Remote Low Not required None Partial Partial
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (long-range consensus chain reorganizations), even when this adversary has little stake and cannot influence network message propagation. This can cause a protocol stall, or an increase in the profits of individual validators.
7 CVE-2021-42765 DoS 2021-10-20 2021-10-26
5.0
None Remote Low Not required None None Partial
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to leverage network delay to cause a denial of service (indefinite stalling of consensus decisions).
8 CVE-2021-42764 DoS 2021-10-20 2021-10-26
6.4
None Remote Low Not required None Partial Partial
The Proof-of-Stake (PoS) Ethereum consensus protocol through 2021-10-19 allows an adversary to cause a denial of service (delayed consensus decisions), and also increase the profits of individual validators, via short-range reorganizations of the underlying consensus chain.
9 CVE-2021-42762 Bypass 2021-10-20 2021-11-26
4.6
None Local Low Not required Partial Partial Partial
BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined. NOTE: this is similar to CVE-2021-41133.
10 CVE-2021-42740 77 2021-10-21 2021-10-28
7.5
None Remote Low Not required Partial Partial Partial
The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.
11 CVE-2021-42739 787 Overflow 2021-10-20 2021-11-18
4.6
None Local Low Not required Partial Partial Partial
The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking.
12 CVE-2021-42716 120 Overflow 2021-10-21 2021-11-26
6.4
None Remote Low Not required Partial None Partial
An issue was discovered in stb stb_image.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting to RGBA, leading to a buffer overflow when later reinterpreting the result as a 16-bit buffer. An attacker could potentially have crashed a service using stb_image, or read up to 1024 bytes of non-consecutive heap data without control over the read location.
13 CVE-2021-42715 835 DoS 2021-10-21 2021-11-26
4.3
None Remote Medium Not required None None Partial
An issue was discovered in stb stb_image.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An attacker could potentially have caused denial of service in applications using stb_image by submitting crafted HDR files.
14 CVE-2021-42650 79 XSS 2021-10-18 2021-10-21
4.3
None Remote Medium Not required None Partial None
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
15 CVE-2021-42576 20 2021-10-18 2021-10-26
7.5
None Remote Low Not required Partial Partial Partial
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
16 CVE-2021-42575 20 2021-10-18 2021-10-22
7.5
None Remote Low Not required Partial Partial Partial
The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
17 CVE-2021-42566 79 XSS 2021-10-18 2021-10-21
4.3
None Remote Medium Not required None Partial None
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
18 CVE-2021-42565 79 XSS 2021-10-18 2021-10-21
4.3
None Remote Medium Not required None Partial None
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
19 CVE-2021-42556 22 Dir. Trav. 2021-10-22 2021-10-28
4.3
None Remote Medium Not required None Partial None
Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
20 CVE-2021-42542 22 Dir. Trav. 2021-10-22 2021-10-27
6.5
None Remote Low ??? Partial Partial Partial
The affected product is vulnerable to directory traversal due to mishandling of provided backup folder structure.
21 CVE-2021-42540 123 2021-10-22 2021-10-28
6.5
None Remote Low ??? Partial Partial Partial
The affected product is vulnerable to a unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality.
22 CVE-2021-42539 306 2021-10-22 2021-10-27
6.5
None Remote Low ??? Partial Partial Partial
The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change.
23 CVE-2021-42538 77 2021-10-22 2021-10-27
6.5
None Remote Low ??? Partial Partial Partial
The affected product is vulnerable to a parameter injection via passphrase, which enables the attacker to supply uncontrolled input.
24 CVE-2021-42536 668 2021-10-22 2021-10-27
4.0
None Remote Low ??? Partial None None
The affected product is vulnerable to a disclosure of peer username and password by allowing all users access to read global variables.
25 CVE-2021-42534 79 XSS 2021-10-22 2021-10-27
4.3
None Remote Medium Not required None Partial None
The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.
26 CVE-2021-42369 89 Sql 2021-10-14 2021-10-21
6.5
None Remote Low ??? Partial Partial Partial
Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI.
27 CVE-2021-42343 668 Exec Code 2021-10-26 2021-11-28
6.8
None Remote Medium Not required Partial Partial Partial
An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clusters started with dask.distributed.LocalCluster or dask.distributed.Client (which defaults to using LocalCluster) would mistakenly configure their respective Dask workers to listen on external interfaces (typically with a randomly selected high port) rather than only on localhost. A Dask cluster created using this method (when running on a machine that has an applicable port exposed) could be used by a sophisticated attacker to achieve remote code execution.
28 CVE-2021-42342 434 2021-10-14 2021-10-20
7.5
None Remote Low Not required Partial Partial Partial
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI scripts without being prefixed with the CGI prefix. This permits tunneling untrusted environment variables into vulnerable CGI scripts.
29 CVE-2021-42341 Mem. Corr. 2021-10-14 2021-10-20
5.0
None Remote Low Not required None None Partial
checkpath in OpenRC before 0.44.7 uses the direct output of strlen() to allocate strings, which does not account for the '\0' byte at the end of the string. This results in memory corruption. CVE-2021-42341 was introduced in git commit 63db2d99e730547339d1bdd28e8437999c380cae, which was introduced as part of OpenRC 0.44.0 development.
30 CVE-2021-42340 772 DoS 2021-10-14 2021-11-12
5.0
None Remote Low Not required None None Partial
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
31 CVE-2021-42336 285 Bypass +Info 2021-10-15 2021-10-20
4.0
None Remote Low ??? Partial None None
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters.
32 CVE-2021-42335 79 XSS 2021-10-15 2021-10-20
3.5
None Remote Medium ??? None Partial None
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack.
33 CVE-2021-42334 89 Sql 2021-10-15 2021-10-20
6.5
None Remote Low ??? Partial Partial Partial
The Easytest contains SQL injection vulnerabilities. After obtaining a user’s privilege, remote attackers can inject SQL commands into the parameters of the elective course management page to obtain all database and administrator permissions.
34 CVE-2021-42333 89 Sql 2021-10-15 2021-10-20
6.5
None Remote Low ??? Partial Partial Partial
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions.
35 CVE-2021-42332 285 2021-10-15 2021-10-20
4.0
None Remote Low ??? Partial None None
The “List View” function of ShinHer StudyOnline System is not under authority control. After logging in with user’s privilege, remote attackers can access the content of other users’ message boards by crafting URL parameters.
36 CVE-2021-42331 285 2021-10-15 2021-10-20
5.5
None Remote Low ??? Partial Partial None
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. After logging in with user’s privilege, remote attackers can access and edit other users’ tutorial schedule by crafting URL parameters.
37 CVE-2021-42330 285 2021-10-15 2021-10-20
5.5
None Remote Low ??? Partial Partial None
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control. After logging in with user’s privilege, remote attackers can access and edit other users’ credential and personal information by crafting URL parameters.
38 CVE-2021-42329 79 XSS 2021-10-15 2021-10-20
3.5
None Remote Medium ??? None Partial None
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.
39 CVE-2021-42327 787 Overflow 2021-10-21 2021-11-28
4.6
None Local Low Not required Partial Partial Partial
dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer.
40 CVE-2021-42326 200 +Info 2021-10-12 2021-10-19
5.0
None Remote Low Not required Partial None None
Redmine before 4.1.5 and 4.2.x before 4.2.3 may disclose the names of users on activity views due to an insufficient access filter.
41 CVE-2021-42325 89 Sql 2021-10-12 2021-11-26
7.5
None Remote Low Not required Partial Partial Partial
Froxlor through 0.10.29.1 allows SQL injection in Database/Manager/DbManagerMySQL.php via a custom DB name.
42 CVE-2021-42299 863 Bypass 2021-10-20 2021-10-27
3.6
None Local Low Not required Partial Partial None
Microsoft Surface Pro 3 Security Feature Bypass Vulnerability
43 CVE-2021-42261 22 Dir. Trav. 2021-10-19 2021-10-25
5.0
None Remote Low Not required Partial None None
Revisor Video Management System (VMS) before 2.0.0 has a directory traversal vulnerability. Successful exploitation could allow an attacker to traverse the file system to access files or directories that are outside of restricted directory on the remote server. This could lead to the disclosure of sensitive data on the vulnerable server.
44 CVE-2021-42260 835 DoS 2021-10-11 2021-11-30
5.0
None Remote Low Not required None None Partial
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
45 CVE-2021-42258 89 Exec Code Sql 2021-10-22 2021-10-28
6.8
None Remote Medium Not required Partial Partial Partial
BQE BillQuick Web Suite 2018 through 2021 before 22.0.9.1 allows SQL injection for unauthenticated remote code execution, as exploited in the wild in October 2021 for ransomware installation. SQL injection can, for example, use the txtID (aka username) parameter. Successful exploitation can include the ability to execute arbitrary code as MSSQLSERVER$ via xp_cmdshell.
46 CVE-2021-42257 20 2021-10-11 2021-10-19
3.6
None Local Low Not required None Partial Partial
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
47 CVE-2021-42252 2021-10-11 2021-12-03
4.6
None Local Low Not required Partial Partial Partial
An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes.
48 CVE-2021-42228 352 CSRF 2021-10-14 2021-10-19
6.8
None Remote Medium Not required Partial Partial Partial
A Cross Site Request Forgery (CSRF) vulnerability exists in KindEditor 4.1.x, as demonstrated by examples/uploadbutton.html.
49 CVE-2021-42227 79 XSS 2021-10-14 2021-10-19
4.3
None Remote Medium Not required None Partial None
Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed).
50 CVE-2021-42224 89 Sql 2021-10-13 2021-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL Injection vulnerability exists in IFSC Code Finder Project 1.0 via the searchifsccode POST parameter in /search.php.
Total number of vulnerabilities : 1708   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.