Security Vulnerabilities - CVEs Published In October 2021
Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
CVSS Score
8.8
EPSS Score
0.006
Published
2021-10-08
Inappropriate implementation in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-08
CVE-2021-30632
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Known exploited
CVSS Score
8.8
EPSS Score
0.842
Published
2021-10-08
CVE-2021-30633
Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Known exploited
CVSS Score
9.6
EPSS Score
0.468
Published
2021-10-08
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-10-08
Ardour v5.12 contains a use-after-free vulnerability in the component ardour/libs/pbd/xml++.cc when using xmlFreeDoc and xmlXPathFreeContext.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-10-08
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090.
CVSS Score
3.1
EPSS Score
0.003
Published
2021-10-08
IBM App Connect Enterprise Certified Container 1.0, 1.1, 1.2, 1.3, 1.4 and 1.5 could disclose sensitive information to a local user when it is configured to use an IBM Cloud API key to connect to cloud-based connectors. IBM X-Force ID: 207630.
CVSS Score
5.1
EPSS Score
0.001
Published
2021-10-08
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
CVSS Score
9.8
EPSS Score
0.006
Published
2021-10-08
Uncontrolled resource consumption in Mitsubishi Electric MELSEC iQ-R series C Controller Module R12CCPU-V Firmware Versions "16" and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending a large number of packets in a short time while the module starting up. System reset is required for recovery.
CVSS Score
5.9
EPSS Score
0.006
Published
2021-10-08