Security Vulnerabilities - CVEs Published In September 2021
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-13
Information leakage vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVSS Score
6.0
EPSS Score
0.003
Published
2021-09-13
Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVSS Score
8.0
EPSS Score
0.004
Published
2021-09-13
Open Redirection vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVSS Score
4.9
EPSS Score
0.001
Published
2021-09-13
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
CVSS Score
5.3
EPSS Score
0.002
Published
2021-09-13
Denial of service vulnerability caused by an injection attack in NetIQ Access Manager prior to 5.0.1 and 4.5.4
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-13
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing
CVSS Score
7.3
EPSS Score
0.001
Published
2021-09-13
Certain NETGEAR smart switches are affected by an authentication hijacking race-condition vulnerability by an unauthenticated attacker who uses the same source IP address as an admin in the process of logging in (e.g., behind the same NAT device, or already in possession of a foothold on an admin's machine). This occurs because the multi-step HTTP authentication process is effectively tied only to the source IP address. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-13
CVE-2021-40870
Known exploited
An issue was discovered in Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.
CVSS Score
9.8
EPSS Score
0.943
Published
2021-09-13
Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication when the authentication TLV is missing from a received NSDP packet. This affects GC108P before 1.0.8.2, GC108PP before 1.0.8.2, GS108Tv3 before 7.0.7.2, GS110TPP before 7.0.7.2, GS110TPv3 before 7.0.7.2, GS110TUP before 1.0.5.3, GS308T before 1.0.3.2, GS310TP before 1.0.3.2, GS710TUP before 1.0.5.3, GS716TP before 1.0.4.2, GS716TPP before 1.0.4.2, GS724TPP before 2.0.6.3, GS724TPv2 before 2.0.6.3, GS728TPPv2 before 6.0.8.2, GS728TPv2 before 6.0.8.2, GS750E before 1.0.1.10, GS752TPP before 6.0.8.2, GS752TPv2 before 6.0.8.2, MS510TXM before 1.0.4.2, and MS510TXUP before 1.0.4.2.
CVSS Score
9.8
EPSS Score
0.014
Published
2021-09-13



Shodan ® - All rights reserved