Security Vulnerabilities - CVEs Published In September 2021
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13773).
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-28
A vulnerability has been identified in Solid Edge SE2021 (All versions < SE2021MP8). The affected application contains a use-after-free vulnerability while parsing OBJ files. An attacker could leverage this vulnerability to execute code in the context of the current process (ZDI-CAN-13776).
CVSS Score
7.8
EPSS Score
0.007
Published
2021-09-28
A vulnerability has been identified in NX 1980 Series (All versions < V1984), Solid Edge SE2021 (All versions < SE2021MP8). The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process (ZDI-CAN-13565).
CVSS Score
3.3
EPSS Score
0.002
Published
2021-09-28
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
CVSS Score
5.4
EPSS Score
0.004
Published
2021-09-28
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
CVSS Score
7.6
EPSS Score
0.007
Published
2021-09-28
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
CVSS Score
5.3
EPSS Score
0.001
Published
2021-09-28
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-09-27
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-09-27
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-09-27
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-27