Security Vulnerabilities - CVEs Published In October 2021
A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-10-28
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to read at any address.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-10-28
A component of the HarmonyOS has a Improper Input Validation vulnerability. Local attackers may exploit this vulnerability to cause nearby process crash.
CVSS Score
3.3
EPSS Score
0.0
Published
2021-10-28
A component of the HarmonyOS has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause core dump.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-10-28
Multiple buffer overflows in the limited configuration shell (/sbin/gs_config) on Grandstream HT801 devices before 1.0.29 allow remote authenticated users to execute arbitrary code as root via a crafted manage_if setting, thus bypassing the intended restrictions of this shell and taking full control of the device. There are default weak credentials that can be used to authenticate.
CVSS Score
8.8
EPSS Score
0.119
Published
2021-10-28
An issue was discovered on the Grandstream HT801 Analog Telephone Adaptor before 1.0.29.8. From the limited configuration shell, it is possible to set the malicious gdb_debug_server variable. As a result, after a reboot, the device downloads and executes malicious scripts from an attacker-defined host.
CVSS Score
8.8
EPSS Score
0.008
Published
2021-10-28
Zoom Call Recording 6.3.1 from Eleveo is vulnerable to Java Deserialization attacks targeting the inbuilt RMI service. A remote unauthenticated attacker can exploit this vulnerability by sending crafted RMI requests to execute arbitrary code on the target host.
CVSS Score
10.0
EPSS Score
0.084
Published
2021-10-28
An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-10-28
An issue was discovered in the Linux kernel before 5.14.8. A use-after-free in selinux_ptrace_traceme (aka the SELinux handler for PTRACE_TRACEME) could be used by local attackers to cause memory corruption and escalate privileges, aka CID-a3727a8bac0a. This occurs because of an attempt to access the subjective credentials of another task.
CVSS Score
7.8
EPSS Score
0.002
Published
2021-10-28
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.3
EPSS Score
0.002
Published
2021-10-27