Security Vulnerabilities - CVEs Published In September 2021
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
CVSS Score
3.1
EPSS Score
0.005
Published
2021-09-27
Out of bounds write vulnerability in the JPEG parsing code of Netop Vision Pro up to and including 9.7.2 allows an adjacent unauthenticated attacker to write to arbitrary memory potentially leading to a Denial of Service (DoS).
CVSS Score
7.4
EPSS Score
0.001
Published
2021-09-27
Zoho ManageEngine ADManager Plus version 7110 and prior is vulnerable to unrestricted file upload, leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.374
Published
2021-09-27
The Authentication API in Ping Identity PingFederate before 10.3 mishandles certain aspects of external password management.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-27
The set_user extension module before 3.0.0 for PostgreSQL allows ProcessUtility_hook bypass via set_config.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-09-27
A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client via sending specific spoofed SAE authentication frames.
CVSS Score
7.5
EPSS Score
0.014
Published
2021-09-27
Adobe Premiere Elements version 2021.2235820 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious png file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
CVSS Score
7.8
EPSS Score
0.021
Published
2021-09-27
Photoshop Elements versions 2021 build 19.0 (20210304.m.156367) (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious TTF file.
CVSS Score
7.8
EPSS Score
0.094
Published
2021-09-27
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary command execution vulnerability. An authenticated attacker could leverage this vulnerability to execute arbitrary commands. User interaction is required to abuse this vulnerability in that a user must open a maliciously crafted .epub file.
CVSS Score
8.6
EPSS Score
0.038
Published
2021-09-27
Adobe Digital Editions 4.5.11.187646 (and earlier) are affected by an arbitrary file write vulnerability in the Digital Editions installer. An authenticated attacker could leverage this vulnerability to write an arbitrary file to the system. User interaction is required before product installation to abuse this vulnerability.
CVSS Score
6.5
EPSS Score
0.008
Published
2021-09-27