Security Vulnerabilities - CVEs Published In September 2021
ZStack is open source IaaS(infrastructure as a service) software. In ZStack before versions 3.10.12 and 4.1.6 there is a pre-auth unsafe deserialization vulnerability in the REST API. An attacker in control of the request body will be able to provide both the class name and the data to be deserialized and therefore will be able to instantiate an arbitrary type and assign arbitrary values to its fields. This issue may lead to a Denial Of Service. If a suitable gadget is available, then an attacker may also be able to exploit this vulnerability to gain pre-auth remote code execution. For additional details see the referenced GHSL-2021-087.
CVSS Score
7.5
EPSS Score
0.014
Published
2021-09-09
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there is a set of arbitrary file read vulnerabilities. This vulnerability is known to exist in version 4.6.4.0 and may not be patched in later versions. Known vulnerable routes are /Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer, /Images/Ratings/theme/name and /Images/MediaInfo/theme/name. For more details including proof of concept code, refer to the referenced GHSL-2021-051. This issue may lead to unauthorized access to the system especially when Emby Server is configured to be accessible from the Internet.
CVSS Score
8.6
EPSS Score
0.004
Published
2021-09-09
Eclipse Keti is a service that was designed to protect RESTfuls API using Attribute Based Access Control (ABAC). In Keti a user able to create Policy Sets can run arbitrary code by sending malicious Groovy scripts which will escape the configured Groovy sandbox. This vulnerability is known to exist in the latest commit at the time of writing this CVE (commit a1c8dbe). For more details see the referenced GHSL-2021-063.
CVSS Score
8.2
EPSS Score
0.003
Published
2021-09-09
systeminformation is an npm package that provides system and OS information library for node.js. In systeminformation before version 4.26.2 there is a command injection vulnerability. Problem was fixed in version 4.26.2 with a shell string sanitation fix.
CVSS Score
5.9
EPSS Score
0.011
Published
2021-09-09
scheme/webauthn.c in Glewlwyd SSO server through 2.5.3 has a buffer overflow during FIDO2 signature validation in webauthn registration.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-09-08
The Customer Photo Gallery addon before 2.9.4 for PrestaShop is vulnerable to SQL injection.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-08
The GD Graphics Library (aka LibGD) through 2.3.2 has an out-of-bounds read because of the lack of certain gdGetBuf and gdPutBuf return value checks.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-09-08
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
CVSS Score
7.8
EPSS Score
0.0
Published
2021-09-08
Unrestricted File Upload in ShowDoc v2.9.5 allows remote attackers to execute arbitrary code via the 'file_url' parameter in the component AdminUpdateController.class.php'.
CVSS Score
9.8
EPSS Score
0.368
Published
2021-09-08
Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java".
CVSS Score
9.8
EPSS Score
0.093
Published
2021-09-08