Security Vulnerabilities - CVEs Published In September 2021
Certain Federal Office of Information Technology Systems and Telecommunication (FOITT) products are affected by improper handling of exceptional conditions. This affects COVID Certificate App iOS 2.2.0 and below (patch in progress) and COVID Certificate Check App iOS 2.2.0 and below (patch in progress). A denial of service (physically proximate) could be caused by scanning a crafted QR code.
CVSS Score: 4.6 | EPSS Score: 0.0 | Published: 2021-09-27
The vulnerability originates in the commissioning process, where an attacker can enter a ControlTouch serial number in a specific way to transfer the device virtually into her/his my.busch-jaeger.de or mybuildings.abb.com profile. A successful attacker can observe and control a ControlTouch remotely under very specific circumstances. The issue is fixed on the cloud side of the system; no firmware update is needed for customer products. To find out whether you are affected, please read the advisory. This issue affects: ABB and Busch-Jaeger, ControlTouch
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-09-27
An issue was discovered in Concrete CMS through 8.5.5. The Calendar is vulnerable to CSRF. ccm_token is not verified on the ccm/calendar/dialogs/event/add/save endpoint.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-09-27
An SSRF issue was discovered in Concrete CMS through 8.5.5. Users can access forbidden files on their local network. A user with permissions to upload files from external sites can upload a URL that redirects to an internal resource of any file type. The redirect is followed and the contents of the file are loaded from the redirected-to server. Files of disallowed types can be uploaded.
CVSS Score: 6.4 | EPSS Score: 0.001 | Published: 2021-09-27
In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2021-09-27
grav-plugin-admin is vulnerable to Improper Restriction of Rendered UI Layers or Frames
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-09-27
grav is vulnerable to Reliance on Cookies without Validation and Integrity Checking
CVSS Score: 6.3 | EPSS Score: 0.004 | Published: 2021-09-27
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score: 4.3 | EPSS Score: 0.001 | Published: 2021-09-27
inflect is vulnerable to Inefficient Regular Expression Complexity
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2021-09-27
jsoneditor is vulnerable to Inefficient Regular Expression Complexity
CVSS Score: 5.3 | EPSS Score: 0.003 | Published: 2021-09-27
Shodan ® - All rights reserved