Security Vulnerabilities - CVEs Published In September 2021
Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass the Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin version 0.9.0 and prior versions.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-02
Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS Score
7.8
EPSS Score
0.118
Published
2021-09-02
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to version 4.10.3, Parse Server crashes if a query request contains an invalid value for the `explain` option. This is due to a bug in the MongoDB Node.js driver which throws an exception that Parse Server cannot catch. There is a patch for this issue in version 4.10.3. No workarounds aside from upgrading are known to exist.
CVSS Score
7.5
EPSS Score
0.007
Published
2021-09-02
Buffer overflow vulnerability in function pool_installable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-02
Buffer overflow vulnerability in function pool_disabled_solvable in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-02
Buffer overflow vulnerability in function pool_installable_whatprovides in src/repo.h in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-02
Buffer overflow vulnerability in function prune_to_recommended in src/policy.c in libsolv before 0.7.17 allows attackers to cause a Denial of Service.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-02
immer is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVSS Score
7.5
EPSS Score
0.001
Published
2021-09-02
bookstack is vulnerable to Server-Side Request Forgery (SSRF)
CVSS Score
6.3
EPSS Score
0.002
Published
2021-09-02
A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-09-02

