Security Vulnerabilities - CVEs Published In September 2021
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl.
CVSS Score: 6.5
EPSS Score: 0.003
Published: 2021-09-03
A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system.
CVSS Score: 9.8
EPSS Score: 0.004
Published: 2021-09-03
A race condition was discovered in ext4_write_inline_data_end in fs/ext4/inline.c in the ext4 subsystem in the Linux kernel through 5.13.13.
CVSS Score: 7.0
EPSS Score: 0.0
Published: 2021-09-03
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score: 6.1
EPSS Score: 0.011
Published: 2021-09-02
Microsoft Edge for Android Information Disclosure Vulnerability
CVSS Score: 4.6
EPSS Score: 0.066
Published: 2021-09-02
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score: 5.3
EPSS Score: 0.005
Published: 2021-09-02
Microsoft Edge for Android Spoofing Vulnerability
CVSS Score: 6.1
EPSS Score: 0.007
Published: 2021-09-02
Microsoft Edge for iOS Spoofing Vulnerability
CVSS Score: 6.1
EPSS Score: 0.007
Published: 2021-09-02
In Eclipse Theia 0.1.1 to 0.2.0, it is possible to exploit the default build to obtain remote code execution (and XXE) via the theia-xml-extension. This extension uses lsp4xml (recently renamed to LemMinX) in order to provide language support for XML. This is installed by default.
CVSS Score: 9.8
EPSS Score: 0.035
Published: 2021-09-02
An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field.
CVSS Score: 9.8
EPSS Score: 0.011
Published: 2021-09-02