Security Vulnerabilities - CVEs Published In October 2021
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVSS Score
7.2
EPSS Score
0.033
Published
2021-10-15
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVSS Score
4.3
EPSS Score
0.004
Published
2021-10-15
vim is vulnerable to Heap-based Buffer Overflow
CVSS Score
7.8
EPSS Score
0.001
Published
2021-10-15
corenlp is vulnerable to Improper Restriction of XML External Entity Reference
CVSS Score
9.8
EPSS Score
0.003
Published
2021-10-15
libmobi is vulnerable to Out-of-bounds Read
CVSS Score
7.1
EPSS Score
0.004
Published
2021-10-15
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVSS Score
7.2
EPSS Score
0.025
Published
2021-10-15
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS Score
5.5
EPSS Score
0.004
Published
2021-10-15
The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVSS Score
5.5
EPSS Score
0.009
Published
2021-10-15
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-10-15

