Security Vulnerabilities - CVEs Published In September 2021
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-28
A SQL injection vulnerability exists in Sureline SUREedge Migrator 7.0.7.29360.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-28
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-09-28
A Denial of Service issue exists in China Telecom Corporation EPON Tianyi Gateway ZXHN F450(EPON ONU) 3.0. Tianyi Gateway is a hardware terminal of "Optical Modem Smart Router." Attackers can use this vulnerability to restart the device multiple times.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-28
Nagios XI before 5.8.5 has Incorrect Permission Assignment for migrate.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-09-28
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.
CVSS Score
9.8
EPSS Score
0.109
Published
2021-09-28
Nagios XI before 5.8.5 has Incorrect Permission Assignment for repairmysql.sh.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-09-28
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.
CVSS Score
9.8
EPSS Score
0.109
Published
2021-09-28
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x37a of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-28
A buffer overflow vulnerability in FORMATS!Read_Utah_RLE+0x340 of Irfanview 4.57 allows attackers to execute arbitrary code via a crafted RLE file.
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-28