Security Vulnerabilities - CVEs Published In November 2021
HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-11-03
HP Print and Scan Doctor may potentially be vulnerable to local elevation of privilege.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2021-11-03
The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2021-11-03
In Druid 1.2.3, visiting the path with parameter in a certain function can lead to directory traversal.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-11-03
Possible system denial of service in case of arbitrary changes to Firefox browser parameters. An attacker could change a specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.
CVSS Score: 7.5 | EPSS Score: 0.013 | Published: 2021-11-03
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2021-11-03
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2021-11-03
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2021-11-03
Delta Electronics DIALink versions 1.2.4.0 and prior insecurely load libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.
CVSS Score: 7.8 | EPSS Score: 0.0 | Published: 2021-11-03
Delta Electronics DIALink versions 1.2.4.0 and prior run by default on HTTP, which may allow an attacker to be positioned between the traffic and perform a machine-in-the-middle attack to access information without authorization.
CVSS Score: 8.8 | EPSS Score: 0.001 | Published: 2021-11-03


Shodan ® - All rights reserved