Security Vulnerabilities - CVEs Published In October 2021
FATEK Automation WinProladder versions 3.30 and prior are vulnerable to an out-of-bounds read, which may allow an attacker to read unauthorized information.
CVSS Score: 3.3, EPSS Score: 0.001, Published: 2021-10-18
FATEK Automation WinProladder versions 3.30 and prior lack proper validation of user-supplied data when parsing project files, which could result in a heap-corruption condition. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS Score: 7.8, EPSS Score: 0.006, Published: 2021-10-18
stonith-ng in pacemaker and cluster-glue passed passwords as command-line parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its operations. This is fixed in cluster-glue 1.0.6 and newer, and pacemaker 1.1.3 and newer.
CVSS Score: 5.5, EPSS Score: 0.0, Published: 2021-10-18
Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2021-10-18
An issue was discovered in Squid 5.0.6 through 5.1.x before 5.2. When validating an origin server or peer certificate, Squid may incorrectly classify certain certificates as trusted. This problem allows a remote server to obtain security trust improperly. This indication of trust may be passed along to clients, allowing access to unsafe or hijacked services.
CVSS Score: 7.5, EPSS Score: 0.022, Published: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
CVSS Score: 6.1, EPSS Score: 0.021, Published: 2021-10-18
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVSS Score: 6.1, EPSS Score: 0.021, Published: 2021-10-18
Agents are able to lock a ticket without the "Owner" permission. Once the ticket is locked, it can be moved to a queue where the agent has "rw" permissions, giving the agent full control. This issue affects OTRS AG OTRS 8.0.x: version 8.0.16 and prior versions.
CVSS Score: 3.5, EPSS Score: 0.001, Published: 2021-10-18
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used.
CVSS Score: 9.8, EPSS Score: 0.059, Published: 2021-10-18
Mitsubishi Electric Europe B.V. SmartRTU devices allow remote attackers to obtain sensitive information (directory listing and source code) via a direct request to the /web URI.
CVSS Score: 7.5, EPSS Score: 0.062, Published: 2021-10-15

