Security Vulnerabilities - CVEs Published In September 2021
This affects the package edge.js before 5.3.2. A type confusion vulnerability can be used to bypass input sanitization when the input to be rendered is an array (instead of a string or a SafeValue), even if {{ }} are used.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-09-21
This affects the package jointjs before 3.4.2. A type confusion vulnerability can lead to a bypass of CVE-2020-28480 when the user-provided keys used in the path parameter are arrays in the setByPath function.
CVSS Score
5.6
EPSS Score
0.015
Published
2021-09-21
Butter is a system usability utility. Due to a kernel error, the JPNS kernel is being discontinued. Affected users are recommended to update to the Trinity kernel. There are no workarounds.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-09-21
In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS.
CVSS Score
6.1
EPSS Score
0.244
Published
2021-09-21
IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 204775.
CVSS Score
7.1
EPSS Score
0.007
Published
2021-09-21
IBM PowerVM Hypervisor FW860, FW930, FW940, and FW950 could allow a local user to create a specially crafted sequence of hypervisor calls from a partition that could crash the system. IBM X-Force ID: 203557.
CVSS Score
6.0
EPSS Score
0.0
Published
2021-09-21
An issue related to modification of otherwise restricted files through a locally authenticated attacker exists in FlexNet inventory agent and inventory beacon versions 2020 R2.5 and prior.
CVSS Score
5.5
EPSS Score
0.001
Published
2021-09-21
NLnet Labs Routinator prior to 0.10.0 produces invalid RTR payload if an RPKI CA uses too large values in the max-length parameter in a ROA. This will lead RTR clients such as routers to reject the RPKI data set, effectively disabling Route Origin Validation.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-09-21
In GetTimeStampAndPkt of DumpstateDevice.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-179620905 References: N/A
CVSS Score
9.8
EPSS Score
0.014
Published
2021-09-21
Zoho ManageEngine Desktop Central before build 10.0.683 allows unauthenticated command injection due to improper handling of an input command in on-demand operations.
CVSS Score
9.8
EPSS Score
0.073
Published
2021-09-21

