Security Vulnerabilities - CVEs Published In October 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
CVSS Score
4.3
EPSS Score
0.002
Published
2021-10-19
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
5.5
EPSS Score
0.002
Published
2021-10-19
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVSS Score
8.6
EPSS Score
0.003
Published
2021-10-19
vim is vulnerable to Heap-based Buffer Overflow
CVSS Score
7.8
EPSS Score
0.001
Published
2021-10-19
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS Score
6.8
EPSS Score
0.005
Published
2021-10-19
libmobi is vulnerable to Use of Out-of-range Pointer Offset
CVSS Score
7.1
EPSS Score
0.003
Published
2021-10-19
libmobi is vulnerable to Use of Out-of-range Pointer Offset
CVSS Score
7.1
EPSS Score
0.003
Published
2021-10-19
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.
CVSS Score
9.8
EPSS Score
0.002
Published
2021-10-19
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
CVSS Score
6.4
EPSS Score
0.0
Published
2021-10-19
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser.
CVSS Score
8.8
EPSS Score
0.002
Published
2021-10-19