Security Vulnerabilities - CVEs Published In October 2021
Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access, allowing for attackers to obtain users' DNS query history.
CVSS Score
5.3
EPSS Score
0.005
Published
2021-10-31
A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115.
CVSS Score
5.9
EPSS Score
0.0
Published
2021-10-30
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a NULL pointer, which may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-10-29
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can deadlock, which may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-10-29
A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/delete&sub=&filename=../../../../111.txt&filetype=image/jpeg of the master version of RKCMS. This vulnerability allows for an attacker to perform a directory traversal via a crafted .txt file.
CVSS Score
5.5
EPSS Score
0.015
Published
2021-10-29
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where there is the potential to execute privileged operations by the guest OS, which may lead to information disclosure, data tampering, escalation of privileges, and denial of service
CVSS Score
7.8
EPSS Score
0.001
Published
2021-10-29
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can double-free a pointer, which may lead to denial of service. This flaw may result in a write-what-where condition, allowing an attacker to execute arbitrary code impacting integrity and availability.
CVSS Score
7.1
EPSS Score
0.0
Published
2021-10-29
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a string provided by the guest OS may not be properly null terminated. The guest OS or attacker has no ability to push content to the plugin through this vulnerability, which may lead to information disclosure, data tampering, unauthorized code execution, and denial of service.
CVSS Score
7.0
EPSS Score
0.0
Published
2021-10-29
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager kernel driver, where a vGPU can cause resource starvation among other vGPUs hosted on the same GPU, which may lead to denial of service.
CVSS Score
5.5
EPSS Score
0.0
Published
2021-10-29
A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows an attacker to perform a directory traversal attack via a GET request urlencode parameter.
CVSS Score
4.9
EPSS Score
0.004
Published
2021-10-29