Security Vulnerabilities - CVEs Published In September 2021
GLPI is a free Asset and IT management software package. Starting in version 9.2 and prior to version 9.5.6, the telemetry endpoint discloses GLPI and server information. This issue is fixed in version 9.5.6. As a workaround, remove the file `ajax/telemetry.php`, which is not needed for usual functions of GLPI.
CVSS Score: 5.3 | EPSS Score: 0.544 | Published: 2021-09-15
GLPI is a free Asset and IT management software package. Starting in version 9.1 and prior to version 9.5.6, GLPI with API Rest enabled is vulnerable to API bypass with custom header injection. This issue is fixed in version 9.5.6. One may disable API Rest as a workaround.
CVSS Score: 6.8 | EPSS Score: 0.004 | Published: 2021-09-15
The management tool in MyLittleBackup up to and including 1.7 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code.
CVSS Score: 9.8 | EPSS Score: 0.037 | Published: 2021-09-15
semver-regex is vulnerable to Inefficient Regular Expression Complexity.
CVSS Score: 7.5 | EPSS Score: 0.002 | Published: 2021-09-15
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2021-09-15
A maliciously crafted DWG file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to write beyond allocated boundaries when parsing the DWG files. This vulnerability can be exploited to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2021-09-15
A Cross-Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.
CVSS Score: 6.1 | EPSS Score: 0.006 | Published: 2021-09-15
MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs&c=index&a=dodel.
CVSS Score: 9.8 | EPSS Score: 0.005 | Published: 2021-09-15
A maliciously crafted PDF file in Autodesk Navisworks 2019, 2020, 2021, 2022 can be forced to read beyond allocated boundaries when parsing the PDF file. This vulnerability can be exploited to execute arbitrary code.
CVSS Score: 7.8 | EPSS Score: 0.004 | Published: 2021-09-15
A Memory Corruption vulnerability for PDF files in Autodesk Navisworks 2019, 2020, 2021, 2022 may lead to code execution through maliciously crafted DLL files.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-09-15

