
October Security Vulnerabilities

We have compiled a list of security vulnerabilities that were discovered in October 2021. We are available to assist you if you need help investigating or remediating these vulnerabilities.

Contact for assistance solving Security Vulnerabilities

Windows 10 Vulnerabilities

| CVE Number | Date of Release | Severity | Description |
|---|---|---|---|
| CVE-2021-41345 | 13/10/21 | 7.2 | Storage Spaces Controller Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2021-26441, CVE-2021-40478, CVE-2021-40488, CVE-2021-40489. |
| CVE-2021-41342 | 13/10/21 | 6.8 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| CVE-2021-41340 | 13/10/21 | 6.8 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2021-41335 | 13/10/21 | 7.2 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2021-41331 | 13/10/21 | 6.8 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
| CVE-2021-41330 | 13/10/21 | 6.8 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| CVE-2021-40476 | 13/10/21 | 6.8 | Windows AppContainer Elevation Of Privilege Vulnerability |
| CVE-2021-40465 | 13/10/21 | 6.8 | Windows Text Shaping Remote Code Execution Vulnerability |
| CVE-2021-40464 | 13/10/21 | 5.2 | Windows Nearby Sharing Elevation of Privilege Vulnerability |
| CVE-2021-40462 | 13/10/21 | 6.8 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability |
| CVE-2021-40461 | 13/10/21 | 5.2 | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-38672. |
| CVE-2021-36953 | 13/10/21 | 5 | Windows TCP/IP Denial of Service Vulnerability |

Windows Server Vulnerabilities

| CVE Number | Date of Release | Severity | Description |
|---|---|---|---|
| CVE-2021-40465 | 19/10/21 | 6.8 | Windows Text Shaping Remote Code Execution Vulnerability |
| CVE-2021-40464 | 19/10/21 | 5.2 | Windows Nearby Sharing Elevation of Privilege Vulnerability |
| CVE-2021-40462 | 19/10/21 | 6.8 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability |
| CVE-2021-40461 | 19/10/21 | 5.2 | Windows Hyper-V Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2021-38672. |
| CVE-2021-40456 | 19/10/21 | 5 | Windows AD FS Security Feature Bypass Vulnerability |
| CVE-2021-36953 | 19/10/21 | 5 | Windows TCP/IP Denial of Service Vulnerability |

Google Chrome Vulnerabilities

| CVE Number | Date of Release | Severity | Description |
|---|---|---|---|
| CVE-2021-37975 | 15/10/21 | 6.8 | Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37974 | 15/10/21 | 6.8 | Use after free in Safebrowsing in Google Chrome prior to 94.0.4606.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37973 | 14/10/21 | 6.8 | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2021-37972 | 14/10/21 | 6.8 | Out of bounds read in libjpeg-turbo in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37970 | 14/10/21 | 6.8 | Use after free in File System API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37969 | 14/10/21 | 6.8 | Inappropriate implementation in Google Updater in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to perform local privilege escalation via a crafted file. |
| CVE-2021-37962 | 14/10/21 | 6.8 | Use after free in Performance Manager in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37961 | 14/10/21 | 6.8 | Use after free in Tab Strip in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37959 | 14/10/21 | 6.8 | Use after free in Task Manager in Google Chrome prior to 94.0.4606.54 allowed an attacker who convinced a user to engage in a series of user gestures to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37958 | 14/10/21 | 5.8 | Inappropriate implementation in Navigation in Google Chrome on Windows prior to 94.0.4606.54 allowed a remote attacker to inject scripts or HTML into a privileged page via a crafted HTML page. |
| CVE-2021-37957 | 12/10/21 | 6.8 | Use after free in WebGPU in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-37956 | 12/10/21 | 6.8 | Use after free in Offline use in Google Chrome on Android prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30633 | 12/10/21 | 6.8 | Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. |
| CVE-2021-30632 | 12/10/21 | 6.8 | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30629 | 12/10/21 | 6.8 | Use after free in Permissions in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30628 | 12/10/21 | 6.8 | Stack buffer overflow in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. |
| CVE-2021-30627 | 12/10/21 | 6.8 | Type confusion in Blink layout in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30626 | 12/10/21 | 6.8 | Out of bounds memory access in ANGLE in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-30625 | 12/10/21 | 6.8 | Use after free in Selection API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who convinced the user to visit a malicious website to potentially exploit heap corruption via a crafted HTML page. |



For more information and pricing for any of our services, either for yourself or for your customers, you can contact us below.