Security Vulnerabilities - CVEs Published In October 2021
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the urls parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-10-29
Buffer Overflow vulnerability in Tenda AC9 V1.0 through V15.03.05.19(6318), and AC9 V3.0 V15.03.06.42_multi, allows attackers to execute arbitrary code via the index parameter.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-10-29
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
CVSS Score
6.1
EPSS Score
0.413
Published
2021-10-29
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
CVSS Score
7.6
EPSS Score
0.006
Published
2021-10-29
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981".
CVSS Score
7.8
EPSS Score
0.002
Published
2021-10-28
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6".
CVSS Score
7.8
EPSS Score
0.002
Published
2021-10-28
A remote code execution (RCE) vulnerability in the component /codebase/dir.php?type=filenew of Mara v7.5 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.224
Published
2021-10-28
A remote code execution (RCE) vulnerability in the component /admin/index.php?id=themes&action=edit_template&filename=blog of Monstra v3.0.4 allows attackers to execute arbitrary commands via a crafted PHP file.
CVSS Score
9.8
EPSS Score
0.178
Published
2021-10-28
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-browse_categories.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Create category module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-28
TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-10-28

